Splunk Enterprise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Gather size of an index across multiple indexers?

kwaingrow
Path Finder
‎10-03-2012 11:37 AM

We are set up with a single searcher and multiple indexers. We have an unique 500,000 MB index named "website" created on multiple indexers. From a savedsearch on the searcher, is there way to gather the current size of all the "website" indexes across all indexers and display the actual total current size?

If not is there a query command that will extract it that I can run as a savedsearch on each indexers?

Any help is greatly appreciated.

Tags (1)
Reply

Chubbybunny
Splunk Employee
Splunk Employee
‎01-30-2013 05:02 PM

try:

 |eventcount summarize=false report_size=true index=website |  eval MB = size_bytes / 1024 / 1024

-Or, for all indexes-

|eventcount summarize=false report_size=true index=* |  eval MB = size_bytes / 1024 / 1024

!!props to Julian

Reply

s2_splunk
Splunk Employee
Splunk Employee
‎01-27-2016 03:00 PM

You may also want to take a look at the FireBrigade App on Splunkbase for many more details about your indexes. Note that there is a TA as well as the UI part (i.e. two apps to install).

0 Karma
Reply

mendesjo
Path Finder
‎01-27-2016 02:03 PM

found SOS app provides all of this data nicely..

0 Karma
Reply

mendesjo
Path Finder
‎01-27-2016 01:50 PM

That provides size for each individual indexer, but doesnt' give you a tally from all indexers.

0 Karma
Reply
*NEW* Splunk Love Promo!
Snag a $25 Visa Gift Card for Giving Your Review!

It's another Splunk Love Special! For a limited time, you can review one of our select Splunk products through Gartner Peer Insights and receive a $25 Visa gift card!

Review:





Or Learn More in Our Blog >>

Get Updates on the Splunk Community!