Hello,
I'm currently using the Unix App to show the disk space of some nodes. This works fine, however, for some nodes, I'm only interested in one of the mounts. For this, I copied df.sh and modified it to my needs:
. `dirname $0`/common.sh
HEADER='Filesystem Type Size Used Avail UsePct MountedOn'
HEADERIZE='{if (NR==1) {$0 = header}}'
PRINTF='{printf "%-50s %-10s %10s %10s %10s %10s %s\n", $1, $2, $3, $4, $5, $6, $7}'
if [ "x$KERNEL" = "xLinux" ] ; then
assertHaveCommand df
CMD='df -TPh'
FILTER_POST='$7 !~ /cassandra_volume/ {next}'
fi
$CMD | tee $TEE_DEST | $AWK "$BEGIN $HEADERIZE $FILTER_PRE $MAP_FS_TO_TYPE $FORMAT $FILTER_POST $NORMALIZE $PRINTF" header="$HEADER"
echo "Cmd = [$CMD]; | $AWK '$BEGIN $HEADERIZE $FILTER_PRE $MAP_FS_TO_TYPE $FORMAT $FILTER_POST $NORMALIZE $PRINTF' header=\"$HEADER\"" >> $TEE_DEST
I modified `FILTER_POST` so that the mount must contain `cassandra_volume`.
Because this is a new script I added the default config for it in **default/inputs.conf**:
[script://./bin/df-cassandra.sh]
interval = 300
sourcetype = df
source = df
index = os
disabled = 1
And in **local/inputs.conf**:
[script://./bin/df-cassandra.sh]
disabled = false
as well as setting `disabled = true` for the `df.sh` script.
And great, it works! I get the logs when I use this search query:
index=os host=intcassandra*_datacenter2 sourcetype=df
There is one problem though. I changed this on one node and the others still use the default df.sh script, and for the logs collected from the one where I changed it to the custom script, no fields are extracted:
![example of logs][1]
As you can see, intcassandra01_datacenter2 (the one I added the custom script on) DOES emit the log, but no fields are extracted, while the others (who use df.sh) do have the extracted fields.
Details of the broken log:
![alt text][2]
Details of a working log:
![alt text][3]
Note that, for the very same log (of the same mount) but from a different host, for the custom script it doesn't work, and for the regular one it does.
I have no idea what could cause this. I'm not entirely sure how the entire thing works either so maybe I'm missing something. The file was temporarily edited on a Windows machine, could it be due to some kind of encoding difference or different treatment of spaces or something?
[1]: https://i.gyazo.com/c4cab2b62cc88b5d0d3ea45da0b586f2.png
[2]: https://i.gyazo.com/8ccd1ebb461c213f492b7378dc816a47.png
[3]: https://i.gyazo.com/8a62925b2dec61e0f186101c657c55aa.png
↧