I have an event that is using X amount of space.
The search is:
index=network default send string
I'd like to search how many gigs of license this event is using over the last week. Anyway to do that with a search?
In case you want to search license usage by index, you can use following query. Replace the $index$ with the name of the index for which you want to find size.
index=_internal source=*license_usage.log* type=Usage pool="auto_generated_pool_enterprise" idx=$Index$ | eval UsageGB=b/1024/1024/1024 | timechart eval(round(sum(UsageGB),0)) as UG
tried this, seem right?
index=* default send string
| eval b=len(_raw)
| stats sum(b) as mytotal
| eval mytotal = mytotal/1024/1024/2014