Splunk Enterprise

Trend graph of total log volume over the past year

ishidak
Engager

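I am using Splunk Enterprise.

I would like to check the daily trend of total log volume over the past year, but the _internal index only retains logs for the past 30 days.

Which index should I specify to check logs older than the past 30 days?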

0 Karma

thambisetty
Super Champion

You are welcome. Please accept my answer as the solution.

————————————
If this helps, give a like below.
0 Karma

thambisetty
Super Champion

(index=_telemetry source=*license_usage_summary.log* type="RolloverSummary")
| bin _time span=1d
| stats latest(b) AS b by slave, pool, _time
| timechart span=1d sum(b) AS "volume" fixedrange=true
| eval GB=round((((volume / 1024) / 1024) / 1024),3), Volume=GB
| fields - GB, volume

————————————
If this helps, give a like below.

ishidak
Engager

Thank you so much.

The log has been successfully displayed.

I am grateful for your advice.

 
