Re: How can i do a Future Proof for the indexing?

evinasco · ‎09-27-2018

somebody know, how can i do a Future Proof for the indexing?

I need to execute an analysis about the growth of indexing in the time

VatsalJagani · ‎09-27-2018

Hi @evinasco,
Looks like you want to see size growth of particular index over the time, below approach may help.

| dbinspect index=_internal 
| stats sum(sizeOnDiskMB) as size 
| eval index_name=_internal 
| collect index=main sourcetype=index_growth

Change the _internal with your index name you want to monitor. Run above query in search bar, click on Save as Alert. Select alert type as "Scheduled", select schedule period from below drop-down based on your requirement. Click Save.
In future whenever you want to see the index growth over time write below query to get the timechart.

index=main sourcetype="index_growth" | timechart avg(size) by index_name

Hope this helps!

adonio · ‎09-27-2018

what is the problem you are trying to solve?
are you trying to predict index growth?
do you want to analyze past indexing data?
did you try the | dbinspect command?

evinasco · ‎10-22-2018

Hi

my client requested to me to do a document that allows to them to analyze growth in the future for your infraesttuirtuere (Search head, indexers, cpu, memory, disk and license) and how can they execute it.

VatsalJagani · ‎10-22-2018

Can you try predict command?

How can i do a Future Proof for the indexing?

.conf24 | Learning Tracks for Security, Observability, Platform, and Developers!

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud