Posts

Showing posts from May, 2011

Splunk: Unscaling units

I'm working on a Splunk Application for Solaris.

One of the commands that is of interest to me is the fsstat(1m) command output.  Here's the output for two filesystem types (zfs, nfs4):

solaris# fsstat zfs nfs4 1 1
 new  name   name  attr  attr lookup rddir  read read  write write
 file remov  chng   get   set    ops   ops   ops bytes   ops bytes
2.21K   881   521  585K 1.22K  1.71M 9.34K 1.66M 21.3G  765K 10.7G zfs
    0     0     0     0     0      0     0     0     0     0     0 nfs4
    0     0     0    20     0      0     0   279  997K   142  997K zfs
    0     0     0     0     0      0     0     0     0     0     0 nfs4
While Splunk is very flexible in parsing whatever output, for command outputs it is better to do a little pre-formatting:
-Make headers single line -Drop the summary line (activity since fs loaded/mounted) -Find a solution to be able to do stats on the autoscale values (K,M,G,T)
First, I wrote a script to adjust the output. The output looks like this now:
./fss…