Splunk Cloud Platform
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How do I query ingestion in GB by each index instead of just the top 10?

ney
New Member
‎05-10-2022 12:30 PM

Hi, how do I query ingestion in GB by each index instead of just the top 10?

Labels (1)
Labels
0 Karma
Reply

PickleRick
SplunkTrust
SplunkTrust
‎05-11-2022 01:17 AM

I assume you're referring to the report from the licensing report. You can click on the small magnifying glass below the chart to open the search in a new search window. There you can add "limit=0 useother=f" to the timechart command and you're good to go 🙂

0 Karma
Reply

Roy_9
Motivator
‎05-10-2022 07:38 PM

@ney Hello,

Try the below search.

index=_internal idx=* component=LicenseUsage earliest=-30d@d latest=@d
| eval
GB=round('b'/pow(1024, 3), 3)
| stats
sum(GB) as total_daily_GB
by idx

 

Note: you can set the earliest and latest as per your desired time

Thanks

0 Karma
Reply
Get Updates on the Splunk Community!

Announcing Scheduled Export GA for Dashboard Studio

We're excited to announce the general availability of Scheduled Export for Dashboard Studio. Starting in ...

Extending Observability Content to Splunk Cloud

Watch Now!   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...