https://community.splunk.com/t5/Splunk-Search/Details-on-indexes/m-p/185705#M53506 <P>Hello, I need certain details for my indexes. I have searched Splunk answers but have yet to find an answer that works for me.</P> <P>Essentially, I need to find the average daily volume for my indexes in the last ~30 days. I also need to find out how the indexes are being used and by whom. </P> <P>Any information would be greatly appreciated. Thank you for your help</P> Fri, 16 Jan 2015 21:39:27 GMT beepboop12 2015-01-16T21:39:27Z https://community.splunk.com/t5/Splunk-Search/Details-on-indexes/m-p/185705#M53506 <P>Hello, I need certain details for my indexes. I have searched Splunk answers but have yet to find an answer that works for me.</P> <P>Essentially, I need to find the average daily volume for my indexes in the last ~30 days. I also need to find out how the indexes are being used and by whom. </P> <P>Any information would be greatly appreciated. Thank you for your help</P> Fri, 16 Jan 2015 21:39:27 GMT https://community.splunk.com/t5/Splunk-Search/Details-on-indexes/m-p/185705#M53506 beepboop12 2015-01-16T21:39:27Z https://community.splunk.com/t5/Splunk-Search/Details-on-indexes/m-p/185706#M53507 <P>For the index usage, use this search to get started:</P> <BLOCKQUOTE> <P>index=_internal source="*metrics.log" group="per_index_thruput" | timechart span=1d sum(kb) by series</P> </BLOCKQUOTE> Mon, 28 Sep 2020 18:39:05 GMT https://community.splunk.com/t5/Splunk-Search/Details-on-indexes/m-p/185706#M53507 knutsod 2020-09-28T18:39:05Z https://community.splunk.com/t5/Splunk-Search/Details-on-indexes/m-p/185707#M53508 <H3>Daily Volume for Indexes</H3> <P>Check out <A href="https://apps.splunk.com/app/748/">S.o.S. (Splunk on Splunk)</A> ! It's a free app.</P> <P><span class="lia-inline-image-display-wrapper" image-alt="alt text"><img src="https://community.splunk.com/t5/image/serverpage/image-id/189i9129FFEF3C93D2C7/image-size/large?v=v2&amp;px=999" role="button" title="alt text" alt="alt text" /></span></P> <PRE><CODE>`set_internal_index` host="some_host" source=*metrics.log group="per_index_thruput" | bin _time | stats sum(kb) AS KB by series,_time | timechart minspan=30s avg(eval(round(KB/1024/1024,2))) by series </CODE></PRE> <P>You could then change sum (like the image) to avg (in the code above).</P> <H3>Index Access &amp; Usage</H3> <P>It sounds like you want to explore the <CODE>_internal</CODE> index! </P> <P>See <A href="http://docs.splunk.com/Documentation/Splunk/6.2.1/Troubleshooting/WhatSplunklogsaboutitself">this documentation</A> for lots of information.</P> Fri, 16 Jan 2015 22:08:47 GMT https://community.splunk.com/t5/Splunk-Search/Details-on-indexes/m-p/185707#M53508 aljohnson_splun 2015-01-16T22:08:47Z https://community.splunk.com/t5/Splunk-Search/Details-on-indexes/m-p/185708#M53509 <P>Additionally, if you're on 6.2.x, check out the Distributed Management Console that ships since this version. It has many great base statistics you can work off from.</P> Sun, 18 Jan 2015 00:44:30 GMT https://community.splunk.com/t5/Splunk-Search/Details-on-indexes/m-p/185708#M53509 martin_mueller 2015-01-18T00:44:30Z