How can I calculate log transfer traffic from a pa...

aparkale · ‎09-01-2017

How to check event log size in MB of particular host in index?
calculate log transfer traffic from particular host to Splunk cloud.

aparkale · ‎09-04-2017

I have changed the index= host= but still it doesn't provide any output.

alemarzu · ‎09-05-2017

Try like this,

index=_internal host="*" source=*license_usage.log type="Usage" | stats sum(b) as b by h | eval mb=round(b/1024/1024, 3)

aparkale · ‎09-05-2017

still doesn't work for me...

alemarzu · ‎09-06-2017

The above query will show you a table for all your hosts (UF's), bytes and MBs for each one of them. This is working for me, please check what @esix said.

esix_splunk · ‎09-05-2017

Change the host="*" to the host="hostnameofinterest".. You need to make sure that the host is forwarding its logs to the indexer(s) and that your search head(s) are searching those indexers.

alemarzu · ‎09-01-2017

Hi there @aparkale

Please try this search on your license master OR you can run it on your Search Head if you are forwarding internal logs to the Indexer.

index=_internal host=<HOSTNAME,IP> source=*license_usage.log type="Usage" | stats sum(b) as b by h | eval mb=round(b/1024/1024, 3)

How can I calculate log transfer traffic from a particular host?

Don't miss your chance
to share your Splunk
wisdom in-person or
virtually at .conf21!

Call for Speakers has
been extended through
Thursday, 5/20!

Submit Now! >

How can I calculate log transfer traffic from a particular host?

Don't miss your chance to share your Splunk wisdom in-person or virtually at .conf21!Call for Speakers hasbeen extended throughThursday, 5/20! Submit Now! >

Don't miss your chance
to share your Splunk
wisdom in-person or
virtually at .conf21!

Call for Speakers has
been extended through
Thursday, 5/20!

Submit Now! >