Dashboards & Visualizations

How to create a search and dashboard to display the daily license volume usage per index?

sympatiko
Communicator

Hi splunkers,

Good day! I just to ask if possible to see the per index volume usage? Let's just say I have multiple indexes like index1 index2 index3. Then I want to create a dashboard that will check index1 index2 and index3 daily volume usage? Is it possible?

Thanks,

0 Karma

masonmorales
Influencer

You can check-out an app I wrote for this too, it's free: https://splunkbase.splunk.com/app/2678/

0 Karma

mendesjo
Path Finder

what a great looking app. Like allot of other apps and queries you find on here try it or install it, doesn't work. Install it, no issue, load up the dashboard wow looks great. Let's use it.. go to license usage.. says populating, drum roll.. nothing no data.

0 Karma

ChrisG
Splunk Employee
Splunk Employee

Are you using Splunk Enterprise 6.x? Use the License Usage Reporting View. Settings > Licensing > Usage Report. See About the Splunk Enterprise license usage report view in the Admin Manual for more information.

0 Karma

Tanefo
Path Finder

hi
it yes possible
index=* OR index=_*| stats count(Volume) by index
you will need to replace Volume by the field name which represente your volume in the index
for other information concerning this please let me know.
thanks and regards

0 Karma

sympatiko
Communicator

By the way Im doing this in a cluster mode. RF=3 SF=3

0 Karma

mendesjo
Path Finder

Why do these queries only show your top 10 indexes? I must be missing something obvious, It shows 10 indexes usually in a column.. but where are all the rest?

0 Karma

sympatiko
Communicator

Hi, thanks for the reply. Sorry Im just new to splunk, what is that particular field?

0 Karma

Tanefo
Path Finder

sorry sympatiko move Volume and run just

index=* OR index=_*| stats count by index

it give you eventypes volume by index but if you want data volume( like MB, GB) i think that its not possible.
you can just see volume data in this path: -> Settings -> Indexes

0 Karma

Tanefo
Path Finder

it give you eventypes volume by index but if you want data volume( like MB, GB) i think that its not possible

0 Karma

sympatiko
Communicator

Thanks for your help. I'll give it a shot. Thanks so much, long live!

0 Karma

satishsdange
Builder

If you are admin user, login into Splunk console -> Settings -> Indexes. It will give you index name, size, event count etc.

0 Karma

sympatiko
Communicator

Hi, Im doing this in a cluster. Thanks

0 Karma

ngatchasandra
Builder

Hi sympatiko,
Try with this query, index=* OR index=_* |timechart span=1d count by index and you are going to see daily count by index.

Your query will be like: index=index1 OR index=index2 OR index= index3 |timechart span=1d count(volume) by index where volume is your field .

0 Karma

sympatiko
Communicator

Hi, thanks for the reply. Sorry Im just new to splunk, what is that particular field?

0 Karma

ngatchasandra
Builder

Wich particular field?

0 Karma

sympatiko
Communicator

Thanks casandra =). I'll try that one

0 Karma

ngatchasandra
Builder

Please if you don't satisfy let me now. If you satisfy, don't forget to vote.

0 Karma

ngatchasandra
Builder

Try only with index=index1 OR index=index2 OR index= index3 |timechart span=1d count by index

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...