Splunk: Unscaling units
I'm working on a Splunk Application for Solaris. One of the commands that is of interest to me is the fsstat(1m) command output. Here's the output for two filesystem types (zfs, nfs4): solaris# fsstat zfs nfs4 1 1 new name name attr attr lookup rddir read read write write file remov chng get set ops ops ops bytes ops bytes 2.21K 881 521 585K 1.22K 1.71M 9.34K 1.66M 21.3G 765K 10.7G zfs 0 0 0 0 0 0 0 0 0 0 0 nfs4 0 0 0 20 0 0 0 279 997K 142 997K zfs 0 0 0 0 0 0 0 0 0 0 0 nfs4 While Splunk is very flexible in parsing whatever output, for command outputs it is better to do a little pre-formatting: -Make headers single line -Drop the summary line (activity since fs loaded/mounted) -Find a solution to be able to do stats on the autoscale values (K,M,G,T) First, I wrote a script to adjust the output. The output looks l