Solved: log file size

DataOrg · ‎04-08-2019

How to calculate file size size which is indexed in splunk.

For example
xx1.log
xx2.log
two files indexed at splunk and i want to calculate the size of the source after index.

whrg · ‎04-08-2019

Hello @premranjithj,

I use the following search to list the top sources by size:

index=_internal source="*license_usage.log" type=usage
| eval KB= b/1024| chart sum(KB) as sum_KB by s | eval sum_KB=round(sum_KB,0) | sort - sum_KB
| head 10
| rename s as source

Set the time picker accordingly, e.g. Last 24 hours.

if you want those two specific sources then use:

index=_internal source="*license_usage.log" type=usage (s="xx1.log" OR s="xx2.log")
| eval KB= b/1024| chart sum(KB) as sum_KB by s | eval sum_KB=round(sum_KB,0)
| rename s as source

View solution in original post

whrg · ‎04-08-2019

Hello @premranjithj,

I use the following search to list the top sources by size:

index=_internal source="*license_usage.log" type=usage
| eval KB= b/1024| chart sum(KB) as sum_KB by s | eval sum_KB=round(sum_KB,0) | sort - sum_KB
| head 10
| rename s as source

Set the time picker accordingly, e.g. Last 24 hours.

if you want those two specific sources then use:

index=_internal source="*license_usage.log" type=usage (s="xx1.log" OR s="xx2.log")
| eval KB= b/1024| chart sum(KB) as sum_KB by s | eval sum_KB=round(sum_KB,0)
| rename s as source

log file size

Index This | What is broken 80% of the time by February?

Unlock Faster Time-to-Value on Edge and Ingest Processor with New SPL2 Pipeline ...

Splunk MCP & Agentic AI: Machine Data Without Limits

Join the Conversation

log file size

Index This | What is broken 80% of the time by February?

Unlock Faster Time-to-Value on Edge and Ingest Processor with New SPL2 Pipeline ...

Splunk MCP & Agentic AI: Machine Data Without Limits