Charting Total Index Size vs Used Space Inside Ind...

aferone · ‎09-25-2012

Hello to all,

We have a few indexes that are configured with different max MB's. I want to be able to create a dashboard that shows pie charts of each index that shows total size of the index vs how much actual data is in each index.

I have no problems hard-coding the total values, but how do I get how many MB are being used in each index?

And for another elementary question, how I chart the total value vs the used value?

Thanks for the help!

Alex

paul_1994 · ‎01-16-2013

Updated Links for the links above

Here in the docs

Visualization the docs

The Visualization link may not be the same thing.. It seems the chart gallery is missing.

melting · ‎09-25-2012

To get the index sizes you can use this search

 | eventcount summarize=false report_size=true index=* | eval MB = size_bytes / 1024 / 1024

To get the max index size, perhaps you could make a CSV and use it as a lookup: Here in the docs

Finally how to chart? Perhaps take a look at the Visualization the docs But to help start by making a table lik e this:

 ... | table index MB total_MB

sdewar83 · ‎09-18-2019

This doesnt seem to work? I tried the eventcount command... what it shows in MB as the size of my indexes is less than what it shows when i navigate to the index folder on the server and less than what it shows in Settings > indexes. Settings > Indexes and the actual folder sizes on disk match up.

Charting Total Index Size vs Used Space Inside Index

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Automating Threat Operations and Threat Hunting with Recorded Future

Join the Conversation