Splunk search for Disk Free on Windows Machine Using Metrics

| mstats avg(_value) as avgValue WHERE metric_name="LogicalDisk.*" AND index=em_metrics span=auto by metric_name, host, instance
| eval metric_name=metric_name."_".instance, avgValue=avgValue."host".host
| xyseries _time metric_name avgValue
| rename LogicalDisk.* as *, %_* as perc_*, *: as *
| foreach * [ | rex field=<<FIELD>> "(?P<<<FIELD>>>.+)host(?P<host>.+)$" ]
This Splunk search uses the mstats command to efficiently return Disk Free metrics for Windows hosts over time. It is structured specifically for use as a KPI Base Search in Splunk ITSI.

Category: Windows

Tags: mstats metrics Disk Free Resource Utilization
