Subscription

Explore Products

Best Sellers

New Releases

Books

Videos

Audiobooks

Learning Hub

Conferences

Free Learning

You're reading from Splunk 7.x Quick Start Guide Gain business data insights from operational intelligence

Product type Paperback

Published in Nov 2018

Publisher Packt

ISBN-13 9781789531091

Length 298 pages

Edition 1st Edition

Tools

Splunk

Concepts

Operational Intelligence

Author (1):

James H. Baxter

View More author details

Table of Contents (12) Chapters

Preface

1. Introduction to Splunk FREE CHAPTER

2. Architecting Splunk

3. Installing and Configuring Splunk

4. Getting Data into Splunk

5. Administering Splunk Apps and Users

6. Searching with Splunk

7. Splunk Knowledge Objects

8. Splunk Reports, Dashboards, and Alerts

9. Splunk Applications

10. Advanced Splunk

11. Other Books You May Enjoy

Leave a review - let other readers know what you think

Creating an alert

Let's build an alert that notifies us when available disk space falls below 15% of the total capacity so we can avert any issues that can be caused by running out of disk space.

First, create a search (in Search & Reporting) using a modification of the SPL we used to create the disk usage report earlier in this chapter, as shown in the following code:

| rest services/server/status/partitions-space
| eval pct_disk_free=round(available/capacity*100,2), pct_disk_used=round(100-(available/capacity*100),2)
| eval disk_capGB=round(capacity/1024, 3), disk_availGB=round(available/1024, 3), disk_usedGB = disk_capGB - disk_availGB
| where pct_disk_free <= 15
| table splunk_server disk_capGB disk_usedGB disk_availGB pct_disk_used pct_disk_free

Note the use of the where command to filter only the events where the calculated available disk space is less than or equal...

The rest of the chapter is locked

A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.

Unlock this book and the full library FREE for 7 days

Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of

Start free trial

Renews at ₹800/month. Cancel anytime

Authors (1)

James H. Baxter

James H Baxter is the owner/CEO of Machine Data Insights, Inc., a certified Splunk architect, and a developer and machine learning practitioner with over 35 years of experience in various engineering and analysis disciplines, including radio/satellite; networks; capacity and performance modelling; speech technology; packet-level analysis; programming; and Splunk architecture, administration, and machine learning solutions for companies including MCI, IBM, BP, Disney, and AMEX. James is also a private pilot and holds an Extra class amateur radio and FCC Radiotelephone license. You can reach him at LinkedIn at James H. Baxter.

See other products by James H. Baxter