
How to determine daily volume usage in GB for single host

OMohi
Path Finder

I would like to know whether there is a query to determine log volume usage for a single host in Splunk.


kristian_kolb
Ultra Champion

Yes.

The question is how you define host, but if you have a forwarder on the machine in question, and the app SplunkDeploymentMonitor installed on your indexer/search head, you can see the daily log volumes quite easily by clicking around.

You could always fall back on:

host=XYZ | eval size = len(_raw) | timechart span=1d sum(size) by host

Run this over 'previous week' or something like that. NB, depending on the number of events, this may take time.

/K
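
Added example, not part of the answer above: the same per-day total for one host, read from Splunk's license usage log and converted to GB, which avoids scanning every raw event. It assumes the search runs where the license manager's `_internal` index is searchable; `XYZ` is the placeholder host from the answer.

```spl
index=_internal source=*license_usage.log* type=Usage h="XYZ"
| timechart span=1d sum(b) AS bytes
| eval GB = round(bytes / 1024 / 1024 / 1024, 3)
| fields _time GB
```

If the `h` field comes back empty, the deployment is squashing host/source detail in the license log, and the `len(_raw)` search is the one to use, with the same `eval` appended to get GB.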
