Solved: log file size

DataOrg · ‎04-08-2019

How to calculate file size size which is indexed in splunk.

For example
xx1.log
xx2.log
two files indexed at splunk and i want to calculate the size of the source after index.

whrg · ‎04-08-2019

Hello @premranjithj,

I use the following search to list the top sources by size:

index=_internal source="*license_usage.log" type=usage
| eval KB= b/1024| chart sum(KB) as sum_KB by s | eval sum_KB=round(sum_KB,0) | sort - sum_KB
| head 10
| rename s as source

Set the time picker accordingly, e.g. Last 24 hours.

if you want those two specific sources then use:

index=_internal source="*license_usage.log" type=usage (s="xx1.log" OR s="xx2.log")
| eval KB= b/1024| chart sum(KB) as sum_KB by s | eval sum_KB=round(sum_KB,0)
| rename s as source

View solution in original post

whrg · ‎04-08-2019

Hello @premranjithj,

I use the following search to list the top sources by size:

index=_internal source="*license_usage.log" type=usage
| eval KB= b/1024| chart sum(KB) as sum_KB by s | eval sum_KB=round(sum_KB,0) | sort - sum_KB
| head 10
| rename s as source

Set the time picker accordingly, e.g. Last 24 hours.

if you want those two specific sources then use:

index=_internal source="*license_usage.log" type=usage (s="xx1.log" OR s="xx2.log")
| eval KB= b/1024| chart sum(KB) as sum_KB by s | eval sum_KB=round(sum_KB,0)
| rename s as source

log file size

Pro Tips for First-Time .conf Attendees: Advice from SplunkTrust

Raise Your Skills at the .conf25 Builder Bar: Your Splunk Developer Destination

Hunt Smarter, Not Harder: Discover New SPL “Recipes” in Our Threat Hunting Webinar

Are you a member of the Splunk Community?

log file size

Pro Tips for First-Time .conf Attendees: Advice from SplunkTrust

Raise Your Skills at the .conf25 Builder Bar: Your Splunk Developer Destination

Hunt Smarter, Not Harder: Discover New SPL “Recipes” in Our Threat Hunting Webinar