I need to create a table from the results in the query below, where the utilization is greater than or equal to .7.
index=test cluster="*"
| bin _time span=1d
| eval time=(time)
| eventstats sum(dscapacityGB) as capacity sum(dsfreeGB) as free sum(dsgarbageGB) as garbage sum(vmdkallocGB) as vmdkallocated sum(vmdkusedGB) as vmdkused by cluster, _time
| eval over_allocated = round((vmdkallocated/free*100),2)
| eval utilization = round(((vmdkused+garbage)/capacity),2)
| eval capacity = round((capacity),2)
| eval free = round((free),2)
| eval garbage = round((garbage),2)
| eval vmdkallocated = round((vmdkallocated),2)
| eval vmdkused = round((vmdkused),2)
| dedup _time cluster
| where utilization>=.7
| table _time cluster capacity free garbage vmdkallocated vmdkused over_allocated utilization
Please feel free to rewrite my code; I know it's not efficient or pretty. I'm still learning Splunk.