How to create a search and dashboard to display the daily license volume usage per index?

sympatiko
Communicator

Hi splunkers,

Good day! I just want to ask if it is possible to see the per-index volume usage? Let's just say I have multiple indexes like index1, index2, index3. Then I want to create a dashboard that will check index1, index2 and index3 daily volume usage. Is it possible?

Thanks,

0 Karma

masonmorales
Influencer

You can check out an app I wrote for this too, it's free: https://splunkbase.splunk.com/app/2678/

0 Karma

mendesjo
Path Finder

What a great looking app. Like a lot of other apps and queries you find on here, try it or install it, doesn't work. Install it, no issue, load up the dashboard, wow, looks great. Let's use it.. go to license usage.. says populating, drum roll.. nothing, no data.

0 Karma

ChrisG
Splunk Employee

Are you using Splunk Enterprise 6.x? Use the License Usage Reporting View. Settings > Licensing > Usage Report. See About the Splunk Enterprise license usage report view in the Admin Manual for more information.

0 Karma

Tanefo
Path Finder

Hi,
Yes, it is possible:
index=* OR index=_*| stats count(Volume) by index
You will need to replace Volume with the field name which represents your volume in the index.
For other information concerning this, please let me know.
Thanks and regards

0 Karma

sympatiko
Communicator

By the way, I'm doing this in cluster mode. RF=3 SF=3

0 Karma

mendesjo
Path Finder

Why do these queries only show your top 10 indexes? I must be missing something obvious. It shows 10 indexes, usually in a column.. but where are all the rest?

0 Karma

sympatiko
Communicator

Hi, thanks for the reply. Sorry, I'm just new to Splunk, what is that particular field?

0 Karma

Tanefo
Path Finder

Sorry sympatiko, remove Volume and just run:

index=* OR index=_*| stats count by index

It gives you event types volume by index, but if you want data volume (like MB, GB), I think that it's not possible.
You can just see volume data in this path: -> Settings -> Indexes

0 Karma

Tanefo
Path Finder

It gives you event types volume by index, but if you want data volume (like MB, GB), I think that it's not possible.

0 Karma

sympatiko
Communicator

Thanks for your help. I'll give it a shot. Thanks so much, long live!

0 Karma

satishsdange
Builder

If you are an admin user, log in to the Splunk console -> Settings -> Indexes. It will give you index name, size, event count etc.

0 Karma

sympatiko
Communicator

Hi, I'm doing this in a cluster. Thanks

0 Karma

ngatchasandra
Builder

Hi sympatiko,
Try with this query, index=* OR index=_* |timechart span=1d count by index and you are going to see the daily count by index.

Your query will be like: index=index1 OR index=index2 OR index= index3 |timechart span=1d count(volume) by index where volume is your field.

0 Karma

sympatiko
Communicator

Hi, thanks for the reply. Sorry, I'm just new to Splunk, what is that particular field?

0 Karma

ngatchasandra
Builder

Which particular field?

0 Karma

sympatiko
Communicator

Thanks casandra =). I'll try that one

0 Karma

ngatchasandra
Builder

Please, if you are not satisfied, let me know. If you are satisfied, don't forget to vote.

0 Karma

ngatchasandra
Builder

Try only with index=index1 OR index=index2 OR index= index3 |timechart span=1d count by index

0 Karma
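
Added example (not posted by anyone in this thread, and not Splunk's own dashboard): a Simple XML dashboard that charts daily licensed volume per index from the license manager's license_usage.log, where type=Usage events carry the bytes in field b and the index name in field idx. It assumes the license manager's _internal index is searchable from where the dashboard runs (relevant to the clustered setup mentioned above); index1, index2 and index3 are the placeholder names from the question, and limit=0 lifts timechart's default cap of 10 series, which otherwise lumps the remaining indexes into OTHER.

```xml
<dashboard>
  <label>Daily License Usage by Index</label>
  <row>
    <panel>
      <title>Licensed volume per index, last 30 days (GB)</title>
      <chart>
        <search>
          <!-- Assumption: license_usage.log from the license manager is
               searchable in _internal on this search head. -->
          <!-- index1..index3 are the placeholder index names from the
               question; drop the idx filter to chart every index. -->
          <query>
            index=_internal source=*license_usage.log* type=Usage
              (idx=index1 OR idx=index2 OR idx=index3)
            | eval GB = b/1024/1024/1024
            | timechart span=1d limit=0 sum(GB) AS GB by idx
          </query>
          <!-- Snap to midnight so each daily bucket covers a full day. -->
          <earliest>-30d@d</earliest>
          <latest>now</latest>
        </search>
        <!-- One stacked column per day, one colour per index. -->
        <option name="charting.chart">column</option>
        <option name="charting.chart.stackMode">stacked</option>
        <option name="charting.axisTitleY.text">GB</option>
      </chart>
    </panel>
  </row>
</dashboard>
```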