Dashboards & Visualizations

Data Ingestion volume by group

phanikumarcs
Explorer

Hello @ITWhisperer ,

I am trying to get the details of "the volume of data ingestion, broken down by index group".

I tried this SPL but am unable to get the results in the table:

index=summary source="splunk-ingestion"
|dedup keepempty=t _time idx
|stats sum(ingestion_gb) as ingestion_gb by _time idx
|bin _time span=1h
|eval ingestion_gb=round(ingestion_gb,3)
|eval group_field=if(searchmatch("idx=.*micro.*group1"), "group1",searchmatch("idx=.*soft.*"), "group2", true(), "other")
|timechart limit=0 span=1d sum(ingestion_gb) as GB by group_field

We have a list of indexes like:
AZ_micro
micro
AD_micro
Az_soft
soft
AZ_soft


From the above indexes 'micro' are grouped under the name 'microgroup', while the indexes 'soft' are grouped under 'softgroup', and so on like below.

So, in the table I want to show the volume of the "groups" like:
------------------------------------------
group name         |               volume
------------------------------------------
microgroup         |               <0000>
softgroup          |               <0000>

0 Karma

ITWhisperer
SplunkTrust

Your expected output doesn't have a time element so why are you using timechart, or indeed bin _time?

0 Karma

phanikumarcs
Explorer

@ITWhisperer extremely sorry to write in the table, need time as well.

0 Karma

ITWhisperer
SplunkTrust

Why use bin span=1h and then use span=1d in the timechart? The bin span=1h is redundant.

What does your timechart search give you and why does it not match your requirement?

0 Karma
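
One way to write the grouping asked about in this thread, as an added example that is not part of any post above. It uses `case()` because `if()` accepts exactly three arguments, and `match()` on the `idx` field because `searchmatch()` takes a search expression rather than a regular expression. Assumptions: the summary events carry `idx` and `ingestion_gb` as in the question, and group membership is decided by the case-insensitive substrings `micro` and `soft` in the index name.

```spl
index=summary source="splunk-ingestion"
| dedup keepempty=t _time idx
| eval group_field=case(
    match(lower(idx), "micro"), "microgroup",
    match(lower(idx), "soft"),  "softgroup",
    true(),                     "other")
| timechart limit=0 span=1d sum(ingestion_gb) as GB by group_field
```

For the two-column table without a time axis, the last line can be replaced with `| stats sum(ingestion_gb) as volume by group_field`.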