Monitoring Splunk
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

HOW TO CALCULATE LOG SAVE ON INDEXER

jacknguyen
Path Finder
‎07-02-2024 01:00 AM

Hi guys,

My boss check on Splunk Master and see that, he want to know  index, source, sourcetype, capacity of log/day for each sourcetype, How can I see that

jacknguyen_0-1719907036118.png

I used this search before, but I feel its not corect 100%,

| dbinspect index=*
| stats sum(rawSize) as total_size by index
| eval total_size_mb = total_size / (1024 * 1024)
| table index total_size_mb

How I can check jacknguyen_0-1719907036118.png this on my Indexer, I can ssh to Indexer too.
Thank you for your time

Labels (2)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

gcusello
SplunkTrust
SplunkTrust
‎07-02-2024 05:28 AM

Hi @jacknguyen,

yes, it should be right, what's the problem?

Ciao.

Giuseppe

View solution in original post

0 Karma
Reply
Solved! Jump to solution

gcusello
SplunkTrust
SplunkTrust
‎07-02-2024 01:09 AM

Hi @jacknguyen ,

if you use the Monitoring Console or the License consuption dashboard, you can have these information.

Ciao.

Giuseppe

0 Karma
Reply
Solved! Jump to solution

jacknguyen
Path Finder
‎07-02-2024 01:15 AM

I cannot access the License Master, I also check Monitoring console in Index volume and instance, no result founds. 

0 Karma
Reply
Solved! Jump to solution

gcusello
SplunkTrust
SplunkTrust
‎07-02-2024 01:44 AM

Hi @jacknguyen,

in the monitoring Console at [Indexing > License Usage > Historic License usage ] you can display the license usage split by index or sourcetype, etc...

If this doesn't exactly answer to your question, you can start from this search to customize your own.

Ciao.

Giuseppe 

0 Karma
Reply
Solved! Jump to solution

jacknguyen
Path Finder
‎07-02-2024 01:48 AM

I cannot see anything. Do you know the search can check this?

jacknguyen_0-1719910099531.png

 

0 Karma
Reply
Solved! Jump to solution

gcusello
SplunkTrust
SplunkTrust
‎07-02-2024 01:51 AM

Hi @jacknguyen,

this isn't the dashboard I indicated, becsuase you need the historic license consuption not the daily one, anyway, you have a configuration issue on your Monitoring Console, I hint to open a case to Splunk Support for this, otherwise, you cannot solve your request.

Ciao.

Giuseppe

0 Karma
Reply
Solved! Jump to solution

jacknguyen
Path Finder
‎07-02-2024 02:26 AM

I use this search

| dbinspect index=*
| stats sum(rawSize) as total_size by index
| eval total_size_mb = total_size / (1024 * 1024)
| table index total_size_mb

and get this result is this right?

jacknguyen_0-1719912375776.png

 

0 Karma
Reply
Solved! Jump to solution
Solution

gcusello
SplunkTrust
SplunkTrust
‎07-02-2024 05:28 AM

Hi @jacknguyen,

yes, it should be right, what's the problem?

Ciao.

Giuseppe

0 Karma
Reply
Solved! Jump to solution

gcusello
SplunkTrust
SplunkTrust
‎07-02-2024 10:43 PM

Hi @jacknguyen ,

good for you, see next time!

Ciao and happy splunking

Giuseppe

P.S.: Karma Points are appreciated 😉

0 Karma
Reply
Get Updates on the Splunk Community!

Monitoring MariaDB and MySQL

In a previous post, we explored monitoring PostgreSQL and general best practices around which metrics to ...

Financial Services Industry Use Cases, ITSI Best Practices, and More New Articles ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Splunk Federated Analytics for Amazon Security Lake

Thursday, November 21, 2024  |  11AM PT / 2PM ET Register Now Join our session to see the technical ...