How to calculate size of Index

Anantha123 · ‎09-17-2023

what are the different ways to calculate size of one index ?

looking for solutions other than "licence_usage.log".

Appreciate your help. Thank you.

inventsekar · ‎09-17-2023

1). on DMC, you can get the index size details.

2). Using dbinspect command you can get the index size

| dbinspect index=myindex | eval GB=sizeOnDiskMB/1024 | stat sum(GB)

3). rest command

| rest /services/data/indexes | stats values(currentDBSizeMB) by title

4) eventcount command:

| eventcount summarize=false index=* report_size=true | eval GB=(size_bytes/1024)/1024/1024 | stats sum(GB) by index, server

5) collect command: (not sure of this... pls test this one)

|collect index=myindex

thanks and best regards,
Sekar

PS - If this or any post helped you in any way, pls consider upvoting, thanks for reading !

Anantha123 · ‎04-23-2024

Thank you for the reply

PickleRick · ‎04-23-2024

A bit late to the party 😉

But seriously - getting the size of the index is one thing but before that we need to define what we mean by that.

Index can be measured by many different parameters.

1. Cumulative size of all indexed events (that's what license usage counts as well)

2. Size of raw event files (compressed or not)

3. Cumulative size of everything related to just events (raw data, metadata)

4. Cumulative size of data regarding events as well as summaries created for given index.

5. Any of the above points but expressed not in terms of file sizes but in terms of usage of underlying storage (as in block-aligned or similar).

Are you a member of the Splunk Community?