Knowledge Management
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to determine the data volume associated to a group of hosts?

olopez77
Explorer
‎03-19-2013 06:24 PM

I have data comming into the corporate indexers from several business units (BU). Given a list of hosts owned by each BU, how do you determine how much data volume is associated to each BU?

Tags (1)
0 Karma
Reply

vincesesto
Communicator
‎03-19-2013 09:05 PM

Hey olopez77,

Have you checked out the Splunk License Usage app that is available:
http://splunk-base.splunk.com/apps/22382/splunk-license-usage

I think this should give you a good idea as to how you can set this up...One of the searches being performed on the dashboard does something like the following:

index="_internal" source="metrics.log" per_host_thruput | chart sum(kb) by series

So all you would really need to do is provide host details for each BU and you can get a total from that.

Hope that this helps, if not let me know and I would be happy to clarify.

Regards Vince

0 Karma
Reply

olopez77
Explorer
‎03-20-2013 10:34 AM

I'm not clear on how to "provide host details", I currently have over 22k hosts sending data. Each BU contributes data from several hundred hosts. The goal is to provide each BU a breakdown of how much volume each BU generates. I only have host lists (csv) to work from. Unfortunately, I have no mechanism in Splunk (i.e. tags, or dedicated indexes) that associate hosts to a BU.

0 Karma
Reply
Get Updates on the Splunk Community!

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

We are excited to announce that the upcoming releases of Splunk Enterprise 10.2.x and Splunk Cloud Platform ...

New Release | Splunk Cloud Platform 10.1.2507

Hello Splunk Community!We are thrilled to announce the General Availability of Splunk Cloud Platform 10.1.2507 ...

🌟 From Audit Chaos to Clarity: Welcoming Audit Trail v2

🗣 You Spoke, We Listened  Audit Trail v2 wasn’t written in isolation—it was shaped by your voices.  In ...