Solved: Re: monitor inode useage

Vinesh93 · ‎03-25-2020

Is there any possible solution to monitor the inode usage of linux system in Splunk?

PavelP · ‎03-26-2020

you need to install an Add-on for Linux and modify/copy its df.sh script, change

CMD='df -TPh'

to

CMD='df -TPhi'

you can remove -h parameter too.

Output will be:

Filesystem   Type              Size        Used       Avail      UsePct    MountedOn
/dev/sda1   ext4               57G         19G         35G         36%    /

and without -h:

Filesystem    Type              Size        Used       Avail      UsePct    MountedOn
/dev/sda1    ext4           7627488      104349     7523139          2%    /

you can modify the FORMAT and HEADER variables in df.sh further to show Inodes/IUsed/IFree/IUse% instead of Size/Used/Avail/UsePct

View solution in original post

PavelP · ‎03-26-2020

you need to install an Add-on for Linux and modify/copy its df.sh script, change

CMD='df -TPh'

to

CMD='df -TPhi'

you can remove -h parameter too.

Output will be:

Filesystem   Type              Size        Used       Avail      UsePct    MountedOn
/dev/sda1   ext4               57G         19G         35G         36%    /

and without -h:

Filesystem    Type              Size        Used       Avail      UsePct    MountedOn
/dev/sda1    ext4           7627488      104349     7523139          2%    /

you can modify the FORMAT and HEADER variables in df.sh further to show Inodes/IUsed/IFree/IUse% instead of Size/Used/Avail/UsePct

Vinesh93 · ‎03-26-2020

@PavelP Thanks a lot, that works like a charm!!!

PavelP · ‎03-26-2020

thank you @Vinesh93 , please accept the answer as solution so everybody can benefit from it

monitor inode useage

other

.conf24 | Personalize your .conf experience with Learning Paths!

Threat Hunting Unlocked: How to Uplevel Your Threat Hunting With the PEAK Framework ...

Splunk APM: New Product Features + Community Office Hours Recap!