Solved: Re: log file size

DataOrg · ‎04-08-2019

How to calculate file size size which is indexed in splunk.

For example
xx1.log
xx2.log
two files indexed at splunk and i want to calculate the size of the source after index.

whrg · ‎04-08-2019

Hello @premranjithj,

I use the following search to list the top sources by size:

index=_internal source="*license_usage.log" type=usage
| eval KB= b/1024| chart sum(KB) as sum_KB by s | eval sum_KB=round(sum_KB,0) | sort - sum_KB
| head 10
| rename s as source

Set the time picker accordingly, e.g. Last 24 hours.

if you want those two specific sources then use:

index=_internal source="*license_usage.log" type=usage (s="xx1.log" OR s="xx2.log")
| eval KB= b/1024| chart sum(KB) as sum_KB by s | eval sum_KB=round(sum_KB,0)
| rename s as source

View solution in original post

whrg · ‎04-08-2019

Hello @premranjithj,

I use the following search to list the top sources by size:

index=_internal source="*license_usage.log" type=usage
| eval KB= b/1024| chart sum(KB) as sum_KB by s | eval sum_KB=round(sum_KB,0) | sort - sum_KB
| head 10
| rename s as source

Set the time picker accordingly, e.g. Last 24 hours.

if you want those two specific sources then use:

index=_internal source="*license_usage.log" type=usage (s="xx1.log" OR s="xx2.log")
| eval KB= b/1024| chart sum(KB) as sum_KB by s | eval sum_KB=round(sum_KB,0)
| rename s as source

log file size

What’s New in Splunk Cloud Platform 9.1.2308?

Index This | Why do they call it hyper text?

State of Splunk Careers 2023: Career Resilience and the Continued Value of Splunk