All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

I have been trying to get the GB used over 30 days per index, but it keeps coming back with only the first 10. I need it for all indexes, what do I need to do to get that to happen?

nls7010
Path Finder
‎11-08-2018 06:39 AM

index=_internal source=*license_usage.log type=Usage | eval GB = b/1024/1024/1024 | timechart span=30d useother=0 sum(GB) by idx | rename idx as Index, sum(GB) as GIGbyte | sort – GIGbyte
That is the search I have going, not certain why it's only bringing back the first 10 indexes only.

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

kmaron
Motivator
‎11-08-2018 12:08 PM

Just add limit=0 to your timechart

index=_internal source=*license_usage.log type=Usage 
| eval GB = b/1024/1024/1024 
| timechart span=30d useother=0 sum(GB) by idx limit=0
| rename idx as Index, sum(GB) as GIGbyte 
| sort – GIGbyte

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

kmaron
Motivator
‎11-08-2018 12:08 PM

Just add limit=0 to your timechart

index=_internal source=*license_usage.log type=Usage 
| eval GB = b/1024/1024/1024 
| timechart span=30d useother=0 sum(GB) by idx limit=0
| rename idx as Index, sum(GB) as GIGbyte 
| sort – GIGbyte
0 Karma
Reply
Solved! Jump to solution

nls7010
Path Finder
‎11-09-2018 05:48 AM

That worked perfectly, thank you

0 Karma
Reply
Solved! Jump to solution

Rob2520
Communicator
‎11-08-2018 09:25 AM

Try this query

index=_internal source=*license_usage.log type=Usage earliest=-30d@d latest=@d
| stats sum(b) AS Bytes by idx
| eval GB = round(Bytes/1024/1024/1024,2)
| rename idx as index
| table index GB
| sort -GB

For additional statistics on average and max license usage check my other post
https://answers.splunk.com/answers/694793/can-you-help-me-improve-this-alert-for-indexes-tha.html#an...

cheers!

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Get Updates on the Splunk Community!

Tech Talk Recap | Mastering Threat Hunting

Mastering Threat HuntingDive into the world of threat hunting, exploring the key differences between ...

Observability for AI Applications: Troubleshooting Latency

If you’re working with proprietary company data, you’re probably going to have a locally hosted LLM or many ...

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In the age of AI, every tool promises to make our lives easier. From summarizing content to writing code, ...