Hey all,
was wondering if there is way to find out usage of perticular index I have a query which gives some numbers i belive it is in kb's so i devided with 1048576 to get in GB's.
but is there any other ways to get more accurate data or some other ways so we can keep eyes on index=test usage data by user or by day something like that.
index=test | eval length = length(_raw)/ 1048576 | timechart span=1d sum(length) as Length
I have also been trying with below query but there is no data I get.
index=test source=*license_usage.log* type=Usage
thanks
You can navigate to the Monitoring Console and view indexes with amount of data over time. It uses "index=_internal source=license_usage.log type=Usage" by default.
If you're searching "index=test source=license_usage.log type=Usage" then you will not be able to find license_usage.log because they are in index=_internal.
I was looking to find out details for index=test
how much data is written on index ?
how often index=test is used in search queries?
any suggestions
For how much data is written on index, you could view it through the gui by going to Settings > Indexes and viewing the summary of the index. If you need more granular let me know but I don't have access to verify searches right now.
This link provides a search which uses the _audit index to view what users are doing. Again, I can't verify right now but if you follow the advice you should be able to get retrieve all the events which include search queries. You would then need to search for "index=test" within those results and do a stats count. Please take a look and report back.
I wanted to see how usage looks like.
ex.. if we doing 30% of data in index or calculation of all events and space using or may be how it runs month to date and shows usage looks like.
i have poweruser roles not the admin roles and if i try doing search with index=test
"index=test action=search" nuthing shows up it looks like no action field available for every index ??
Are you trying to find out how much data is written to index=test or how often 'index=test' is used in a search query?
yes exactly both
any suggestions