Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

splunk query

DTERM
Contributor
‎02-07-2012 10:30 AM

I found the following Splunk query that tells the local disk space. Is there a similar command that I could use to query stats like diskspace from another host. (I know how to do this through SSH, however I need the splunk'd solution.) Thanks!

[root@splunk bin]# ./splunk search "sourcetype=df | multikv | dedup host,Filesystem | rex field=UsePct \"(?\d+)\"" admin:changeme

/dev/sda3 ext4 46G 6.1G 37G 15% /

/dev/sda1 ext4 248M 47M 189M 20% /boot

Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

Lamar
Splunk Employee
Splunk Employee
‎02-07-2012 11:09 AM

You could put a forwarder on said 'remote' server, install the *NIX app on it and have it feed your indexer File System usage information via the sourcetype 'df'...

Then, you could see all of your servers at the same time...just sayin...

View solution in original post

Reply
Solved! Jump to solution
Solution

Lamar
Splunk Employee
Splunk Employee
‎02-07-2012 11:09 AM

You could put a forwarder on said 'remote' server, install the *NIX app on it and have it feed your indexer File System usage information via the sourcetype 'df'...

Then, you could see all of your servers at the same time...just sayin...

Reply
Solved! Jump to solution

DTERM
Contributor
‎02-08-2012 06:02 AM

Perfect!! Thanks so much!!

0 Karma
Reply
Solved! Jump to solution

Lamar
Splunk Employee
Splunk Employee
‎02-07-2012 11:28 AM

Indeed.

Please take a look at this thread for possible pitfalls:

http://splunk-base.splunk.com/answers/13202/splunk-42-universal-forwarder-nix-app-install-via-cli

0 Karma
Reply
Solved! Jump to solution

DTERM
Contributor
‎02-07-2012 11:15 AM

Will the Unix application work on a universal forwarder? The objective is to have Splunk perform a few simple remote queries.

0 Karma
Reply
Get Updates on the Splunk Community!

They're back! Join the SplunkTrust and MVP at .conf24

With our highly anticipated annual conference, .conf, comes the fez-wearers you can trust! The SplunkTrust, as ...

Enterprise Security Content Update (ESCU) | New Releases

Last month, the Splunk Threat Research Team had two releases of new security content via the Enterprise ...

Detecting Remote Code Executions With the Splunk Threat Research Team

REGISTER NOWRemote code execution (RCE) vulnerabilities pose a significant risk to organizations. If ...