The Saturation-Hits-Disk-Full Pattern

The most common saturation incident: disk full. The leading indicators, the alerts, and the prevention.

Leading indicators

Disk fill rate (GB/hour). Alert when projected full in <4 hours.

Inode usage in addition to bytes. Some systems run out of inodes before bytes.

Alert

Multi-window: 1 hour rate, 4 hour rate. The 1-hour catches sudden spikes; 4-hour catches drift.

Threshold: 4 hours to full triggers, 1 hour to full pages.

Prevention

Auto-cleanup of /tmp and old logs older than threshold.

Capacity planning quarterly. Provision before the team runs out.