Dashboards & Visualizations
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Why does my single panel show the incorrect amount of total disk space available?

vikas_gopal
Builder
‎12-19-2016 06:10 AM

Hi Experts,

I am using below to show total available disk in a single panel

<single>
        <search>
          <query>index=abc source=disk host=$host$ earliest=-10m@m | eval total = (TotalSpaceKB/(1024*1024))| stats avg(total)|rename avg(total) AS total</query>
        </search>
        <option name="height">30</option>
        <option name="drilldown">none</option>
        <option name="numberPrecision">0</option>
        <option name="underLabel">Total Disk in GB</option>
        <option name="showSparkline">0</option>
        <option name="showTrendIndicator">0</option>
      </single>

I can see result in the panel it shows 250 GB, now when I actually check total disk space on that machine it is 237 GB. Not sure why Splunk shows 13 GB extra. This machine only has one C drive. To collect disc data I am using 

[WinHostMon://Disk]
interval = 600
disabled = 0
type = Disk
index = abc

Can anyone suggest what i am doing wrong here?

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

gcusello
SplunkTrust
SplunkTrust
‎12-19-2016 06:17 AM

Hi vikas_gopal,
probably it's wrong your calculation of GB:

| eval total = TotalSpaceKB/1000000

you should use

| eval total = TotalSpaceKB/1024/1024

In fact:
250000000/1024/1024=238.4 GB
Bye.
Giuseppe

View solution in original post

0 Karma
Reply
Solved! Jump to solution

niketn
Legend
‎12-19-2016 10:52 AM

Since you are getting performance counter for your disc utilization, should n't you always be trying to read only the single latest event? Assuming your inbound data arrives every 10 minutes.

index=abc source=disk host=$host$ earliest=-10m@m | head 1 | eval totalGB = round(TotalSpaceKB/(1024*1024),0)| stats values(totalGB)  as totalGB
____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
0 Karma
Reply
Solved! Jump to solution
Solution

gcusello
SplunkTrust
SplunkTrust
‎12-19-2016 06:17 AM

Hi vikas_gopal,
probably it's wrong your calculation of GB:

| eval total = TotalSpaceKB/1000000

you should use

| eval total = TotalSpaceKB/1024/1024

In fact:
250000000/1024/1024=238.4 GB
Bye.
Giuseppe

0 Karma
Reply
Solved! Jump to solution

vikas_gopal
Builder
‎12-19-2016 06:22 AM

Thanks for correcting my Stupidity .

0 Karma
Reply
Solved! Jump to solution

aaraneta_splunk
Splunk Employee
Splunk Employee
‎12-19-2016 02:51 PM

@vikas_gopal - Did cusello's answer help solve your question? If so, please don't forget to click "Accept" below his answer to resolve this post. Thank you.

0 Karma
Reply
Get Updates on the Splunk Community!

Join Us for Splunk University and Get Your Bootcamp Game On!

If you know, you know! Splunk University is the vibe this summer so register today for bootcamps galore ...

.conf24 | Learning Tracks for Security, Observability, Platform, and Developers!

.conf24 is taking place at The Venetian in Las Vegas from June 11 - 14. Continue reading to learn about the ...

Announcing Scheduled Export GA for Dashboard Studio

We're excited to announce the general availability of Scheduled Export for Dashboard Studio. Starting in ...