Monitoring Splunk
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

HOW TO CALCULATE LOG SAVE ON INDEXER

jacknguyen
Path Finder
‎07-02-2024 01:00 AM

Hi guys,

My boss check on Splunk Master and see that, he want to know  index, source, sourcetype, capacity of log/day for each sourcetype, How can I see that

jacknguyen_0-1719907036118.png

I used this search before, but I feel its not corect 100%,

| dbinspect index=*
| stats sum(rawSize) as total_size by index
| eval total_size_mb = total_size / (1024 * 1024)
| table index total_size_mb

How I can check jacknguyen_0-1719907036118.png this on my Indexer, I can ssh to Indexer too.
Thank you for your time

Labels (2)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

gcusello
SplunkTrust
SplunkTrust
‎07-02-2024 05:28 AM

Hi @jacknguyen,

yes, it should be right, what's the problem?

Ciao.

Giuseppe

View solution in original post

0 Karma
Reply
Solved! Jump to solution

gcusello
SplunkTrust
SplunkTrust
‎07-02-2024 01:09 AM

Hi @jacknguyen ,

if you use the Monitoring Console or the License consuption dashboard, you can have these information.

Ciao.

Giuseppe

0 Karma
Reply
Solved! Jump to solution

jacknguyen
Path Finder
‎07-02-2024 01:15 AM

I cannot access the License Master, I also check Monitoring console in Index volume and instance, no result founds. 

0 Karma
Reply
Solved! Jump to solution

gcusello
SplunkTrust
SplunkTrust
‎07-02-2024 01:44 AM

Hi @jacknguyen,

in the monitoring Console at [Indexing > License Usage > Historic License usage ] you can display the license usage split by index or sourcetype, etc...

If this doesn't exactly answer to your question, you can start from this search to customize your own.

Ciao.

Giuseppe 

0 Karma
Reply
Solved! Jump to solution

jacknguyen
Path Finder
‎07-02-2024 01:48 AM

I cannot see anything. Do you know the search can check this?

jacknguyen_0-1719910099531.png

 

0 Karma
Reply
Solved! Jump to solution

gcusello
SplunkTrust
SplunkTrust
‎07-02-2024 01:51 AM

Hi @jacknguyen,

this isn't the dashboard I indicated, becsuase you need the historic license consuption not the daily one, anyway, you have a configuration issue on your Monitoring Console, I hint to open a case to Splunk Support for this, otherwise, you cannot solve your request.

Ciao.

Giuseppe

0 Karma
Reply
Solved! Jump to solution

jacknguyen
Path Finder
‎07-02-2024 02:26 AM

I use this search

| dbinspect index=*
| stats sum(rawSize) as total_size by index
| eval total_size_mb = total_size / (1024 * 1024)
| table index total_size_mb

and get this result is this right?

jacknguyen_0-1719912375776.png

 

0 Karma
Reply
Solved! Jump to solution
Solution

gcusello
SplunkTrust
SplunkTrust
‎07-02-2024 05:28 AM

Hi @jacknguyen,

yes, it should be right, what's the problem?

Ciao.

Giuseppe

0 Karma
Reply
Solved! Jump to solution

gcusello
SplunkTrust
SplunkTrust
‎07-02-2024 10:43 PM

Hi @jacknguyen ,

good for you, see next time!

Ciao and happy splunking

Giuseppe

P.S.: Karma Points are appreciated 😉

0 Karma
Reply
Get Updates on the Splunk Community!

Developer Spotlight with Paul Stout

Welcome to our very first developer spotlight release series where we'll feature some awesome Splunk ...

State of Splunk Careers 2024: Maximizing Career Outcomes and the Continued Value of ...

For the past four years, Splunk has partnered with Enterprise Strategy Group to conduct a survey that gauges ...

Data-Driven Success: Splunk & Financial Services

Splunk streamlines the process of extracting insights from large volumes of data. In this fast-paced world, ...