Solved: Number of events indexed yesterday for an index

peter_gianusso · ‎10-31-2013

Simple one that I cannot find an answer to.

I would like to know the number of events indexed yesterday for the index ili_imaging_index

thanks

Ayn · ‎10-31-2013

Simple (but inefficient) solution:

index=ili_imaging_index earliest=-1d@d latest=@d | stats count

Somewhat more complex but much faster solution: run this scheduled search at midnight every day:

| metadata type=hosts index=ili_imaging_index | stats sum(totalCount) as totalCount

Enable summary indexing for this search, then use the difference between the totalCount values for two consecutive days to calculate how many events were indexed.

View solution in original post

Ayn · ‎10-31-2013

Simple (but inefficient) solution:

index=ili_imaging_index earliest=-1d@d latest=@d | stats count

Somewhat more complex but much faster solution: run this scheduled search at midnight every day:

| metadata type=hosts index=ili_imaging_index | stats sum(totalCount) as totalCount

Enable summary indexing for this search, then use the difference between the totalCount values for two consecutive days to calculate how many events were indexed.

Number of events indexed yesterday for an index

App Platform's 2025 Year in Review: A Year of Innovation, Growth, and Community

Operationalizing Entity Risk Score with Enterprise Security 8.3+

Unlock Database Monitoring with Splunk Observability Cloud

Join the Conversation

Number of events indexed yesterday for an index

App Platform's 2025 Year in Review: A Year of Innovation, Growth, and Community

Operationalizing Entity Risk Score with Enterprise Security 8.3+

Unlock Database Monitoring with Splunk Observability Cloud