Besides running "index=foo *" is there a way to quickly check the total number of events indexed in an index?
| eventcount index=foo
http://www.splunk.com/base/Documentation/latest/SearchReference/Eventcount
View solution in original post
That's way slicker than | metadata type=hosts index=foo | stats sum(totalCount)...awesome.
I found this article just now because I wanted to do something similar, but i have dozens of indexes, and wanted a sum by index over X time.
index=* | chart count(index) by index | sort - count(index) | rename count(index) as "Sum of Events"
6 years later, thanks!
