Hi
I use this code in order to display the difference between the free space disk and the total space disk
I need to create a color alert in the field
when the difference between space disk and total disk is less than 20 GB, i want the field to be colored in orange and when the difference is less thant 10 GB i want the field colored in red
I dont need the display the difference value but just to color my field
I doesnt see any possibility to add a calcul in the color field rules
How to do please???
index="perfmon" sourcetype="perfmon:logicaldisk" instance=c: counter="Free Megabytes" OR counter="% Free Space"| search host=*
| eval perc_free = if(counter="% Free Space",Value,null)
| eval mb_free = if(counter="Free Megabytes",Value,null)
| stats latest(mb_free) as mb_free latest(perc_free) as perc_free by _time, host, instance
| eval total_space = mb_free / (perc_free) * 100 | eval DiskSize = round(mb_free/1000,2)." MB / ".round(total_space/1000,2)." MB"|eval time = strftime(_time, "%d-%m-%y %H:%M") |table time host instance DiskSize |sort -time
↧