Monitoring Splunk
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

HOW TO CALCULATE LOG SAVE ON INDEXER

jacknguyen
Path Finder
‎07-02-2024 01:00 AM

Hi guys,

My boss check on Splunk Master and see that, he want to know  index, source, sourcetype, capacity of log/day for each sourcetype, How can I see that

jacknguyen_0-1719907036118.png

I used this search before, but I feel its not corect 100%,

| dbinspect index=*
| stats sum(rawSize) as total_size by index
| eval total_size_mb = total_size / (1024 * 1024)
| table index total_size_mb

How I can check jacknguyen_0-1719907036118.png this on my Indexer, I can ssh to Indexer too.
Thank you for your time

Labels (2)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

gcusello
SplunkTrust
SplunkTrust
‎07-02-2024 05:28 AM

Hi @jacknguyen,

yes, it should be right, what's the problem?

Ciao.

Giuseppe

View solution in original post

0 Karma
Reply
Solved! Jump to solution

gcusello
SplunkTrust
SplunkTrust
‎07-02-2024 01:09 AM

Hi @jacknguyen ,

if you use the Monitoring Console or the License consuption dashboard, you can have these information.

Ciao.

Giuseppe

0 Karma
Reply
Solved! Jump to solution

jacknguyen
Path Finder
‎07-02-2024 01:15 AM

I cannot access the License Master, I also check Monitoring console in Index volume and instance, no result founds. 

0 Karma
Reply
Solved! Jump to solution

gcusello
SplunkTrust
SplunkTrust
‎07-02-2024 01:44 AM

Hi @jacknguyen,

in the monitoring Console at [Indexing > License Usage > Historic License usage ] you can display the license usage split by index or sourcetype, etc...

If this doesn't exactly answer to your question, you can start from this search to customize your own.

Ciao.

Giuseppe 

0 Karma
Reply
Solved! Jump to solution

jacknguyen
Path Finder
‎07-02-2024 01:48 AM

I cannot see anything. Do you know the search can check this?

jacknguyen_0-1719910099531.png

 

0 Karma
Reply
Solved! Jump to solution

gcusello
SplunkTrust
SplunkTrust
‎07-02-2024 01:51 AM

Hi @jacknguyen,

this isn't the dashboard I indicated, becsuase you need the historic license consuption not the daily one, anyway, you have a configuration issue on your Monitoring Console, I hint to open a case to Splunk Support for this, otherwise, you cannot solve your request.

Ciao.

Giuseppe

0 Karma
Reply
Solved! Jump to solution

jacknguyen
Path Finder
‎07-02-2024 02:26 AM

I use this search

| dbinspect index=*
| stats sum(rawSize) as total_size by index
| eval total_size_mb = total_size / (1024 * 1024)
| table index total_size_mb

and get this result is this right?

jacknguyen_0-1719912375776.png

 

0 Karma
Reply
Solved! Jump to solution
Solution

gcusello
SplunkTrust
SplunkTrust
‎07-02-2024 05:28 AM

Hi @jacknguyen,

yes, it should be right, what's the problem?

Ciao.

Giuseppe

0 Karma
Reply
Solved! Jump to solution

gcusello
SplunkTrust
SplunkTrust
‎07-02-2024 10:43 PM

Hi @jacknguyen ,

good for you, see next time!

Ciao and happy splunking

Giuseppe

P.S.: Karma Points are appreciated 😉

0 Karma
Reply
Get Updates on the Splunk Community!

Observability Unlocked: Kubernetes Monitoring with Splunk Observability Cloud

  Ready to master Kubernetes and cloud monitoring like the pros?Join Splunk’s Growth Engineering team for an ...

Wrapping Up Cybersecurity Awareness Month

October might be wrapping up, but for Splunk Education, cybersecurity awareness never goes out of season. ...

🌟 From Audit Chaos to Clarity: Welcoming Audit Trail v2

🗣 You Spoke, We Listened  Audit Trail v2 wasn’t written in isolation—it was shaped by your voices.  In ...