Solved: Splunk Light v6.3 - How to get Volume or Disk labe...

ccitrano · ‎04-01-2016

Hello,

I'm querying the LogicalDisk object and there is a field name "Name" which carries information like "C:". I'm trying to get the Volume or Disk label associated with the drive. This will allow me to filter queries based on some standards we have like "DATA", "TEMPDB" etc.

We have not standardized the drive assignments, but we were good with the labels on them.

I'm just starting with Splunk. I have the Windows addon installed and enabled.

Chuck.

jterry · ‎04-07-2016

If the data you want to index/search is already in a file, a simple file monitor input will suffice. If not, a scripted or modular input may be the way to go.

View solution in original post

jterry · ‎04-07-2016

If the data you want to index/search is already in a file, a simple file monitor input will suffice. If not, a scripted or modular input may be the way to go.

jterry · ‎04-04-2016

If the data you want to index/search is already in a file, a simple file monitor input will suffice. If not, a scripted or modular input may be the way to go.

ccitrano · ‎04-07-2016

Jerry,

thanks for the suggestion. The data is not in a file, but can easily be obtained via a script/powershell.

I'll do some searching on how to pull that in. I was hoping that there was another perfmon counter or stat that would easily give me that.

Cheers.
Chuck.

Splunk Light v6.3 - How to get Volume or Disk label

Threat Hunting Unlocked: How to Uplevel Your Threat Hunting With the PEAK Framework ...

Splunk APM: New Product Features + Community Office Hours Recap!

Index This | Forward, I’m heavy; backward, I’m not. What am I?