Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Command or search to list index statistics?

the_wolverine
Champion
‎10-03-2010 12:20 PM

We've disabled the UI for our indexers so don't have access to the manager UI for them. The search head UI only shows stats for it's own indexes. How do I list out the stats for my indexer's indexes. I'm interested in current size, last event indexed, and also hotdb/warmdb/colddb counts.

Sure, I could go to the filesystem to look this up but would be nice if there were a search I could run to get this or a splunk command that will list this out from one place for all indexers, if possible.

Reply

Simeon
Splunk Employee
Splunk Employee
‎10-04-2010 05:02 PM

As confirmed by the gkanapathy, you cannot run dbinspect on other machines from the UI. However, you can use the -uri option via command line.

./splunk dispatch "| dbinspect index=myindex" -uri https://<server>:8089
Reply

gkanapathy
Splunk Employee
Splunk Employee
‎10-03-2010 03:38 PM

Please file an ER to request distributed search support for the dbinspect command. Currently dbinspect only returns results from the local machine. For now, you would have to run dbinspect on each indexer an aggregate the results together.

0 Karma
Reply

Brian_Osburn
Builder
‎10-03-2010 06:45 PM

I've opened one previously for this.

0 Karma
Reply

Brian_Osburn
Builder
‎10-03-2010 01:53 PM

Take a look at this http://answers.splunk.com/questions/6147/how-to-generate-a-report-on-multiple-indexes.

It's basically a perl script that I wrote that parses the indexes.conf and uses the dbinspect command functionality to get the information you're looking for.

Unfortunately, the dbinspect command doesn't allow wildcards, hence the parsing of the indexes.conf file.

Brian

Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...

Splunk Community Badges!

  Hey everyone! Ready to earn some serious bragging rights in the community? Along with our existing badges ...

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

This puzzle (first published here) is based on matching timestamps to cron expressions.All the timestamps ...