Splunk Dev
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
- Find Answers
- :
- Apps & Add-ons
- :
- Splunk Development
- :
- Splunk Dev
- :
- Search for the volume of data ingested into a spec...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
rleadingham
Engager
06-09-2017
07:03 AM
I have spent hours today researching and testing all sort of searches and I just cannot figure out how to find the information I want. I would have thought it would have been straight forward to find the total volume of data sent to a specific index in MB.
I have came close but only by experimenting with many examples I found on the site.
Any advice would be very much appreciated.
Thank you!
1 Solution
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
somesoni2
Revered Legend
06-09-2017
09:00 AM
Try this (gives the amount of license used for indexes)
index=_internal sourcetype=splunkd source=*license_usage.log type=Usage
| stats sum(b) as bytes by idx | eval mb=round(bytes/1024/1024,3)
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
woodcock
Esteemed Legend
06-11-2017
10:58 PM
Setup a Monitoring Console:
https://docs.splunk.com/Documentation/Splunk/6.6.1/DMC/DMCoverview
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
somesoni2
Revered Legend
06-09-2017
09:00 AM
Try this (gives the amount of license used for indexes)
index=_internal sourcetype=splunkd source=*license_usage.log type=Usage
| stats sum(b) as bytes by idx | eval mb=round(bytes/1024/1024,3)
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
splunkdevabhi
Explorer
12-04-2019
12:14 PM
How to check the daily indexing in such cases ? Would adding span=1d and a timechart help?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
somesoni2
Revered Legend
12-04-2019
12:45 PM
If you want overall, then you can use this timechart version
index=_internal sourcetype=splunkd source=*license_usage.log type=Usage
| timechart span=1d sum(b) as usage_mb| eval usage_mb=round(usage_mb/1024/1024,3)
For per index, you can use this
index=_internal sourcetype=splunkd source=*license_usage.log type=Usage
| timechart span=1d sum(b) as usage by idx limit=0 | foreach * [ eval "<<FIELD>>"=round('<<FIELD>>'/1024/1024,3)]
OR
index=_internal sourcetype=splunkd source=*license_usage.log type=Usage
| bucket span=1d _time | stats sum(b) as bytes by _time idx | eval mb=round(bytes/1024/1024,3)
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
rleadingham
Engager
06-11-2017
11:35 PM
This is absolutely perfect thank you very much. I have what I am looking for and I have learnt more about how to query in Splunk!
Get Updates on the Splunk Community!
Splunk Observability Cloud’s AI Assistant in Action Series: Analyzing and ...
This is the second post in our Splunk Observability Cloud’s AI Assistant in Action series, in which we look at ...
Elevate Your Organization with Splunk’s Next Platform Evolution
Thursday, July 10, 2025 | 11AM PDT / 2PM EDT
Whether you're managing complex deployments or looking to ...
Splunk Answers Content Calendar, June Edition
Get ready for this week’s post dedicated to Splunk Dashboards! We're celebrating the power of community by ...
