Installation
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to find which sourcetype is sending the highest logs in last 10 minutes

pankajupadhyay
Path Finder
‎10-14-2020 06:05 AM

Hi,

can someone please help ?

How to get the count or logs in gb/mb from particular sourcetype  on indexer?

 

 

 

Labels (3)
Labels
0 Karma
Reply

inventsekar
Super Champion
‎10-14-2020 06:29 AM

 

index=_internal source=*license_usage.log type="Usage" 
| eval indexname = if(len(idx)=0 OR isnull(idx),"(UNKNOWN)",idx)
| eval sourcetypename = st
| bin _time span=1d 
| stats sum(b) as b by _time, pool, indexname, sourcetypename
| eval GB=round(b/1024/1024/1024, 3)
| fields _time, indexname, sourcetypename, GB

 

Once you got the results, you can sort / filter them hourly, daily, weekly, etc. 

 

https://wiki.splunk.com/Community:TroubleshootingIndexedDataVolume

this page got license usage splunk search queries.

0 Karma
Reply
Get Updates on the Splunk Community!

Devesh Logendran, Splunk, and the Singapore Cyber Conquest

At this year’s Splunk University, I had the privilege of chatting with Devesh Logendran, one of the winners in ...

There's No Place Like Chrome and the Splunk Platform

WATCH NOW!Malware. Risky Extensions. Data Exfiltration. End-users are increasingly reliant on browsers to ...

Customer Experience | Join the Customer Advisory Board!

Are you ready to take your Splunk journey to the next level? 🚀 We invite you to join our elite squad ...