Splunk Search

How to quickly count total events in an index?

muebel
SplunkTrust
SplunkTrust

Besides running "index=foo *" is there a way to quickly check the total number of events indexed in an index?

Tags (2)
1 Solution

ftk
Motivator

That's way slicker than | metadata type=hosts index=foo | stats sum(totalCount)...awesome.

0 Karma

bgagliardi1
Path Finder

I found this article just now because I wanted to do something similar, but i have dozens of indexes, and wanted a sum by index over X time.

index=* | chart count(index) by index | sort - count(index) | rename count(index) as "Sum of Events"

0 Karma

earlhelms
Path Finder

6 years later, thanks!

Register for .conf21 Now! Go Vegas or Go Virtual!

How will you .conf21? You decide! Go in-person in Las Vegas, 10/18-10/21, or go online with .conf21 Virtual, 10/19-10/20.