Re: Get database Size per day and Total size of al...

dpatiladobe · ‎02-21-2018

I would like to get o/p as below

I am using

But it give Total per row instead of combining rows or toal of database per day.

mayurr98 · ‎02-21-2018

You can try something like this

 index=xxxx sourcetype="log" "Database =" AND "Size" host=xxxxx 
 |eval date=strftime(_time, "%Y-%m-%d") 
 |eval Size_MB = replace(Size,"MB","")
 |convert num(Size_MB) as Size_MB 
 |table date Database Size_MB
 |eventstats sum(Size_MB) as Total by  date

let me know if this helps!

dpatiladobe · ‎02-22-2018

The Total value is set for all rows and not as per the above.

HiroshiSatoh · ‎02-21-2018

Try this!

index=xxxx sourcetype="log" "Database =" AND "Size" host=xxxxx 
|eval date=strftime(_time, "%Y-%m-%d") 
|eval Size_MB = replace(Size,"MB","") 
|table date Database Size_MB
|streamstats count as No by Data
|eventstats sum(size) as Total,max(No) as Max_No by  date
|eval Total=if(No=Max_No,Total,"")
|table date Database Size_MB Total

dpatiladobe · ‎02-22-2018

The Total value is set for all rows and not as per the above.

HiroshiSatoh · ‎02-23-2018

Fix to display total on the last line.
I have never done it before ...

Get database Size per day and Total size of all databases

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

Feel the Splunk Love: Real Stories from Real Customers

Data Management Digest – November 2025

Are you a member of the Splunk Community?

Get database Size per day and Total size of all databases

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

Feel the Splunk Love: Real Stories from Real Customers

Data Management Digest – November 2025