Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Solved! Jump to solution

Help to find daily indexed data size by each index

dhavamanis
Builder
‎06-10-2015 12:10 PM

Need your help,

Can you please tell us, how to find daily indexed data size by each index?

Tags (3)
Reply
1 Solution
Solved! Jump to solution
Solution

ppablo
Retired
‎06-10-2015 12:30 PM

Hi @dhavamanis

There are large number of the same, if not similar, question already posted on Answers. Do the search(es) in this post answer your question? There's an option per day and per month.
http://answers.splunk.com/answers/154773/how-to-create-a-report-that-shows-max-indexed-volume-per-da...

View solution in original post

Reply
Solved! Jump to solution
Solution

ppablo
Retired
‎06-10-2015 12:30 PM

Hi @dhavamanis

There are large number of the same, if not similar, question already posted on Answers. Do the search(es) in this post answer your question? There's an option per day and per month.
http://answers.splunk.com/answers/154773/how-to-create-a-report-that-shows-max-indexed-volume-per-da...

Reply
Solved! Jump to solution

dhavamanis
Builder
‎06-10-2015 01:19 PM

Thanks, i have just added wildcard search for source to get the results.

index=_internal source="*license_usage.log*" type=Usage  | eval yearmonthday=strftime(_time, "%Y%m%d") | eval yearmonth=strftime(_time, "%Y%m%d") | stats sum(eval(b/1024/1024/1024)) AS volume_b by idx yearmonthday yearmonth | chart sum(volume_b) over yearmonth by idx
Reply
Solved! Jump to solution

indut
Path Finder
‎02-20-2025 02:19 AM

hi, Why do we have 2 fields  yearmonthday  and yearmonth in this query? 

0 Karma
Reply
Solved! Jump to solution

indut
Path Finder
‎02-20-2025 02:50 PM

hi any update on this from anyone ? Thank you!

0 Karma
Reply
Solved! Jump to solution

ppablo
Retired
‎06-10-2015 01:26 PM

Great, I'm glad it helped you find your solution 🙂

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Agent Mode Engaged! Enchaining Agentic Operations with Splunk AI Assistant 2.0

    Are you ready to transform how your team handles complex data requests? We invite you to our upcoming ...

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

We are excited to announce that the upcoming releases of Splunk Enterprise 10.2.x and Splunk Cloud Platform ...