Splunk Enterprise Security

How can I do a Future Proof for the indexing?

evinasco
Communicator

Does somebody know how I can do a future proof for the indexing?

I need to execute an analysis of the growth of indexing over time.

0 Karma

VatsalJagani
SplunkTrust

Hi @evinasco,
It looks like you want to see the size growth of a particular index over time. The approach below may help.

| dbinspect index=_internal 
| stats sum(sizeOnDiskMB) as size 
| eval index_name="_internal" 
| collect index=main sourcetype=index_growth

Replace _internal with the name of the index you want to monitor. Run the above query in the search bar and click Save As > Alert. Select "Scheduled" as the alert type, and select the schedule period from the drop-down below it based on your requirement. Click Save.
In the future, whenever you want to see the index growth over time, run the query below to get the timechart.

index=main sourcetype="index_growth" | timechart avg(size) by index_name

Hope this helps!

0 Karma

adonio
Ultra Champion

What is the problem you are trying to solve?
Are you trying to predict index growth?
Do you want to analyze past indexing data?
Did you try the | dbinspect command?

0 Karma

evinasco
Communicator

Hi

My client asked me to produce a document that allows them to analyze future growth of their infrastructure (search head, indexers, CPU, memory, disk and license) and explains how they can execute it.

0 Karma

VatsalJagani
SplunkTrust

Can you try the predict command?

0 Karma
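
Added example, not written by any poster in this thread: a forecast over the summary events that the first answer writes with collect, using the predict command suggested above. It assumes the scheduled search has been running at least daily for several weeks; the field names size_mb, forecast_mb, low_mb and high_mb are chosen here for illustration.

```spl
index=main sourcetype="index_growth" index_name="_internal"
| timechart span=1d latest(size) as size_mb
| filldown size_mb
| predict size_mb as forecast_mb algorithm=LLT future_timespan=30 upper95=high_mb lower95=low_mb
| eval forecast_gb=round(forecast_mb/1024, 2)
```

Compare high_mb with the index's maxTotalDataSizeMB setting in indexes.conf: once the index reaches that limit the oldest buckets are frozen, which shortens how far back security investigations can search.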