All Apps and Add-ons

Fire Brigade Feature Request: Please add events per bucket metric

Motivator

Great app! I already see bucket counts, bucket, size, etc. I'd like to see an events per bucket metric, especially since this factors into whether or not buckets qualify for report acceleration.

Thanks,

Rob

0 Karma

Splunk Employee
Splunk Employee

How about the "eventCount" field from | dbinspect?

0 Karma

Community Manager
Community Manager

FYI, Fire Brigade version 2 will no longer be updated (latest version is 2.0.3). The newer versions 2.0.4 and higher will now be available with the original “Fire Brigade” app on Splunkbase which was just updated to support Splunk 6.3. This is noted on the page for Fire Brigade on Splunkbase:
https://splunkbase.splunk.com/app/1581/

If you have any questions, ping the developer of the app @sowings

Cheers!

0 Karma

Motivator

Something like:

index=myindex | eval bucket_event_id=_cd | rex field=bucket_event_id "(?<bucket_id>[^:]+):" | stats count by index sourcetype splunk_server bucket_id | sort splunk_server bucket_id
0 Karma