Splunk Enterprise
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Usage for specific Host

Bisho-Fouad
Explorer
‎04-18-2024 01:42 PM

Hey there , kindly need support how to determine received logs SIZE for specific Host. Prefers to be done through GUI 

Hit: working on distributed environment also own License master instance 

 

thanks in advance, 

Labels (1)
Labels
0 Karma
Reply

inventsekar
SplunkTrust
SplunkTrust
‎04-18-2024 07:19 PM

Hi @Bisho-Fouad .. on the DMC / license master.. you can find out the license usage of a specific host. 

pls suggest us exactly which step/status you are in.. 

 

As you are asking GUI.. the SPL gives more control actually. 

0 Karma
Reply

yeahnah
Motivator
‎04-18-2024 02:12 PM

Hi @Bisho-Fouad 

Here's an example search to solve your question...

 

host=<your host> ``` and whatever else you need to filter your data ````
| eval bytes = length(_raw)  ``` generally 1 character = 1 byte ```
| stats sum(bytes) AS bytes BY source   ``` this gives the size of each log, assuming the source is the name of the log file ```
| eval kilobytes = bytes/1024)
| evenstats sum(kilobytes) AS total_kb

 

Hope that helps

 

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...

Splunk Community Badges!

  Hey everyone! Ready to earn some serious bragging rights in the community? Along with our existing badges ...

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

This puzzle (first published here) is based on matching timestamps to cron expressions.All the timestamps ...