I would like to understand the profile our users have for their searches in order to determine the optimal value to place the default search disk quota at. Where would that type of information be logged in the internal tables?
A quick way to determine a user's quota is to run the following search on the search head:
| rest splunk_server=local /services/search/jobs | eval diskUsageMB=diskUsage/1024/1024 | stats sum(diskUsageMB) by eai:acl.owner
Hope this helps.
d.
View solution in original post
