Monitoring Splunk
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Query Mountpoint monitoring via splunk

aparnaa
Path Finder
‎11-05-2016 01:16 AM

Hi All

Can you please let me know if we can monitor mount point via splunk , if yes please let me know what changes are required
OS : Windows

We have mount points in DB servers and want to monitor them also

Thanks,
aparna

Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

aparnaa
Path Finder
‎11-05-2016 02:49 AM

I did some more checking and found that because of the below details in input.conf file, mount point details where already showing up
File system names were listed in "instance" field

[perfmon://Free Disk Space]
counters = Free Megabytes;% Free Space
disabled = 0
instances = *
interval = 120
object = LogicalDisk
index = _infra_index

Below query showed free space details
index=infra source="Perfmon:Free Disk Space" instance!=_Total counter="% Free Space"| table host,counter,instance,Value | dedup host,counter,instance,Value | eval Free_space=round(Value,2) | Where Free_space < 25 | rename instance as "Disk Drive" Free_space as "Free Space %" | fields - Value,counter

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

aparnaa
Path Finder
‎11-05-2016 02:49 AM

I did some more checking and found that because of the below details in input.conf file, mount point details where already showing up
File system names were listed in "instance" field

[perfmon://Free Disk Space]
counters = Free Megabytes;% Free Space
disabled = 0
instances = *
interval = 120
object = LogicalDisk
index = _infra_index

Below query showed free space details
index=infra source="Perfmon:Free Disk Space" instance!=_Total counter="% Free Space"| table host,counter,instance,Value | dedup host,counter,instance,Value | eval Free_space=round(Value,2) | Where Free_space < 25 | rename instance as "Disk Drive" Free_space as "Free Space %" | fields - Value,counter

0 Karma
Reply
Solved! Jump to solution

aparnaa
Path Finder
‎11-05-2016 01:51 AM

I found these in my input.conf but wasnt sure which actually monitors mount point
[perfmon://Free Disk Space]
counters = Free Megabytes;% Free Space
disabled = 0
instances = *
interval = 120
object = LogicalDisk
index = infra_index

[perfmon://PhysicalDisk]
counters = Avg. Disk Read Queue Length; Avg. Disk Write Queue Length; Avg. Disk sec/Read; Avg. Disk sec/Write; Avg. Disk Bytes/Read; Avg. Disk Bytes/Write
disabled = 0
instances = _Total
interval = 120
object = PhysicalDisk
index = infra_index

0 Karma
Reply
Get Updates on the Splunk Community!

Index This | I’m short for "configuration file.” What am I?

May 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with a Special ...

New Articles from Academic Learning Partners, Help Expand Lantern’s Use Case Library, ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Your Guide to SPL2 at .conf24!

So, you’re headed to .conf24? You’re in for a good time. Las Vegas weather is just *chef’s kiss* beautiful in ...