Knowledge Management
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

index limit

glenngermiathen
Path Finder
‎11-08-2013 07:36 AM

How can I find out how much data Splunk is indexing? Before I found something that gave me the Peak daily usage, Avg daily usage, and Avg daily usage for the top 5 days over the last 30 days, but I cant find this anymore. Can someone point me to where to look?

Tags (2)
0 Karma
Reply

ChrisG
Splunk Employee
Splunk Employee
‎11-08-2013 09:55 AM

If you are using Splunk 6.0, use the new License Usage Report View. If you are using Splunk 5.x, install the latest version of the Splunk on Splunk app and it has the same view for your 5.x environment.

Reply

somesoni2
Revered Legend
‎11-08-2013 08:07 AM

Following queries can be used for what you are looking for

Total indexed volume by index

|eventcount summarize=false report_size=true index=* | fields index count server size_bytes

Indexed volume for any period

  index=_internal source=*metrics.log | eval MB=kb/1024 | timechart span=1h sum(MB) as TotalMB by series
0 Karma
Reply

glenngermiathen
Path Finder
‎11-08-2013 09:34 AM

Thanks. I dont know if it changed in one of the updates, but there used to be a screen (I think from the manager tab) that showed you all the information for total data indexed for your license.

0 Karma
Reply

lguinn2
Legend
‎11-08-2013 08:34 AM

I also suggest that you install the Splunk on Splunk (SOS) app...

0 Karma
Reply
Get Updates on the Splunk Community!

Stronger Security with Federated Search for S3, GCP SQL & Australian Threat ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Accelerating Observability as Code with the Splunk AI Assistant

We’ve seen in previous posts what Observability as Code (OaC) is and how it’s now essential for managing ...

Integrating Splunk Search API and Quarto to Create Reproducible Investigation ...

 Splunk is More Than Just the Web Console For Digital Forensics and Incident Response (DFIR) practitioners, ...