Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

sourcetypes size trend

SplunkySplunk
Explorer
‎12-02-2023 11:59 PM

Hello

What is the best way to calculate sourcetypes size trend by time  index and level ?

 

i tried this two options but couldn't find a way to see the trend :

index=_internal source=*license_usage.log*  type=Usage idx=*| eval GB=b/1024/1024/1024 | stats sum(GB) by st idx

 

index=*   | eval raw_len=len(_raw)/1024/1024/1024 | stats sum(raw_len) as totalsize  count as NumberOfEvent by index sourcetype | sort -NumberOfEvent
| fields - NumberOfEvent
Labels (1)
Labels
Tags (2)
0 Karma
Reply

renjith_nair
Legend
‎12-03-2023 05:59 AM

Try including the _time as well in your search 

Either using timechart or by _time bucket 

index=_internal source=*license_usage.log*  type=Usage idx=*| eval GB=b/1024/1024/1024 |timchart span=1d sum(gb) by st

 

or

index=_internal source=*license_usage.log*  type=Usage idx=*| eval GB=b/1024/1024/1024 |bin _time span=1d 
| stats sum(GB) by _time,st
---
What goes around comes around. If it helps, hit it with Karma 🙂
0 Karma
Reply

sarit_s
Communicator
‎12-04-2023 01:00 AM

Hello

It looks good but once im clicking on one of the graphs its shows no results:

sarit_s_0-1701680370824.pngsarit_s_1-1701680389468.png

also, i want to visualize by Level as well

0 Karma
Reply
Get Updates on the Splunk Community!

New Case Study Shows the Value of Partnering with Splunk Academic Alliance

The University of Nevada, Las Vegas (UNLV) is another premier research institution helping to shape the next ...

How to Monitor Google Kubernetes Engine (GKE)

We’ve looked at how to integrate Kubernetes environments with Splunk Observability Cloud, but what about ...

Index This | How can you make 45 using only 4?

October 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this ...