Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to display a search result by the Log Size per field in MB, not the event count?

pavanae
Builder
‎10-01-2015 12:32 PM

Hi

I have the following search which is presently displaying the list of eventcounts by the field "category_type", but I want to see the result in log size per field instead of event count. Is it possible to see like that? If yes please suggest me a way.

index="abc"  source="/opt/jboss/server/shoe/log/server.log" |stats count by category_type

Thanks in Advance

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

ppablo
Retired
‎10-01-2015 01:00 PM

Hi @pavanae

Is the answer on this previous post what you're looking for?
http://answers.splunk.com/answers/210689/how-to-get-license-usage-data-for-a-particular-ind-1.html

You'd just have to adapt the eval to convert to MB.

View solution in original post

Reply
Solved! Jump to solution

valiquet
Contributor
‎12-21-2018 05:36 AM

index="abc" source="/opt/jboss/server/shoe/log/server.log"|foreach * [eval size_<>=len(<>)] | stats sum(size*)

0 Karma
Reply
Solved! Jump to solution
Solution

ppablo
Retired
‎10-01-2015 01:00 PM

Hi @pavanae

Is the answer on this previous post what you're looking for?
http://answers.splunk.com/answers/210689/how-to-get-license-usage-data-for-a-particular-ind-1.html

You'd just have to adapt the eval to convert to MB.

Reply
Solved! Jump to solution

pavanae
Builder
‎10-01-2015 01:22 PM

Thanks worked Great but what if want the result in MB. How should I modify the
...|eval MB = length(_raw) |....

0 Karma
Reply
Solved! Jump to solution

ppablo
Retired
‎10-01-2015 03:35 PM

Just like @martin_mueller's comment in that post, but change it to convert to MB instead of GB...

 ... | eval length = length(_raw) / 1024 | ...
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Get Updates on the Splunk Community!

Tech Talk Recap | Mastering Threat Hunting

Mastering Threat HuntingDive into the world of threat hunting, exploring the key differences between ...

Observability for AI Applications: Troubleshooting Latency

If you’re working with proprietary company data, you’re probably going to have a locally hosted LLM or many ...

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In the age of AI, every tool promises to make our lives easier. From summarizing content to writing code, ...