Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

How can I check event size?

chintan_shah
Path Finder
‎08-11-2017 01:06 PM

Hi,

Is there any way to determine which events takes a lot of storage/data? It will help me to bypass those events if required.

0 Karma
Reply

mattymo
Splunk Employee
Splunk Employee
‎08-12-2017 08:14 AM

Hey chintan_shah!

Check out the meta woot! app on splunkbase.

It provides many must have views for Splunk Admins, including a licensing data model that show you license usage per event:

alt text

This will allow you to monitor how much license a sourcetype/index are using per event.

Once you narrow it down you can then use a search like this to investigate the raw events

index=_internal sourcetype="splunkd"
| eval eventSize=len(_raw)
| table eventSize _raw
| sort - eventSize

and append | stats max(eventSize), avg(eventSize), min(eventSize) to keep some high level stats on your data.

alt text

- MattyMo
0 Karma
Reply

manish_singh_77
Builder
‎09-24-2019 06:41 AM

@mmodestino_splunk

I am trying to check the license usage consumption by event pattern and trying to create a report which would say which event patterns are consuming more license.

0 Karma
Reply

lfedak_splunk
Splunk Employee
Splunk Employee
‎08-11-2017 03:36 PM

Hey @chintan_shah, did I edit your question correctly? Are you hoping to check your licensing limits? Or is this for your own storage capacity?

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas     Cisco Live 2026 is almost here, and this ...

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Hello Splunkers,   So you searched, “what is the name of the usb key inserted by bob smith?”  Not gonna lie… ...

Automating Threat Operations and Threat Hunting with Recorded Future

    Automating Threat Operations and Threat Hunting with Recorded Future June 29, 2026 | Register   Is your ...