# Investigating storage, disks, and volumes ### Disk The term disk refers to the physical storage device of a computer. However, it can also represent a logical storage device, which spans across one or more physical disks. For example, a Redundant Array of Independent Disks (RAID) configuration combines multiple physical disks to form a single logical disk, providing increased performance, redundancy, or both. **Windows** In the **Disk Management** application, the system calls physical drives **disks** and labels them as `Disk 0`, `Disk 1`, ... Under **This PC**, the system assigns these storage devices drive letters (`C:`, `D:`, ...). These devices can vary in type, including local disks, USB drives or virtual disks.

**macOS** In the **Disk Utility** application, the system calls physical drives **media** and they appear as top-level entries. The system classifies them as internal or external and labels them as `disk0`, `disk1`, ...

Using the `diskutil list` command, you can display all devices as `/dev/disk0`, `/dev/disk1`, ...

### Volume Volume refers to a storage unit within a disk that organizes and manages data. It functions as a logical partition and can be formatted with a file system, allowing users to store and access files. Although a single disk can contain multiple volumes, each volume operates independently, providing additional flexibility and organization to the storage system. **Windows** On Windows, in the **Disk Management** application, the system lists volumes under **Volume.**

**macOS** In the **Disk Utility** application, the system displays volumes under the media they belong to.

Using the `diskutil list` command in macOS shows volumes beneath their respective disk drives, with identifiers like `/dev/disk0s1`, `/dev/disk0s2`, ...

### NQL examples

List the system drive (volume/partition) free space on devices.

{% code overflow="wrap" lineNumbers="true" %} ``` devices during past 7d | include volumes | where system == true | compute system_drive_free_space = capacity.sum() * (1 - usage.sum()) | list device.name, system_drive_free_space ``` {% endcode %}

List the system drive usage on devices.

{% code overflow="wrap" lineNumbers="true" %} ``` devices during past 7d | include device_performance.events during past 7d | compute system_drive_used = event.system_drive_usage.avg() | list device.name, system_drive_used | sort system_drive_used desc ``` {% endcode %}

List devices with less than 5GB available on the system drive.

{% code overflow="wrap" lineNumbers="true" %} ``` devices during past 7d | include volumes | where system == true | compute system_drive_free_space = capacity.sum() * (1 - usage.sum()) | where system_drive_free_space < 5000000000 | list device.name, system_drive_free_space ``` {% endcode %}

List a summary of the disks and volume of devices.

{% code overflow="wrap" lineNumbers="true" %} ``` devices during past 7d | list device.name, disks, volumes ``` {% endcode %}

List all disks from all devices with their size, bootable status and type (SSD or HDD).

{% code overflow="wrap" lineNumbers="true" %} ``` disks | list device.name, name, is_bootable, capacity , type ``` {% endcode %}

--- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.nexthink.com/platform/references/investigating-storage-disks-and-volumes.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.