Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

See Gigabytes Added to Each Index in Last 24 hours

davespatz
Explorer
‎09-19-2015 02:03 PM

Issue:

Various internal groups pay for space in Splunk based on their needs. For example, dev teams paid for 40GB's for their application logs while Exchange team paid for 20GB's per day (just two examples). I need to be able to say if one team is exceeding what they paid for internally. We will only have two indexers so I can't separate by indexer so looks like I can't create license pools either by indexer (both indexers we have are used for everything).

Question:
If I just create separate indexes for each group, how can I see how much data was added to the index each day?

Tags (1)
0 Karma
Reply

masonmorales
Influencer
‎09-19-2015 10:53 PM

If you don't like the license reports that ship with Splunk, check out: https://splunkbase.splunk.com/app/2678/

0 Karma
Reply

badrinath_itrs
Communicator
‎09-19-2015 08:27 PM

Hi,

This has been answered several times, you can always take a look into the License Usage report and can also do a split based on host, source, sourcetype and index.

Here is the detailed documentation .

http://docs.splunk.com/Documentation/Splunk/6.2.5/Admin/AboutSplunksLicenseUsageReportView

0 Karma
Reply
Get Updates on the Splunk Community!

Routing logs with Splunk OTel Collector for Kubernetes

The Splunk Distribution of the OpenTelemetry (OTel) Collector is a product that provides a way to ingest ...

Welcome to the Splunk Community!

(view in My Videos) We're so glad you're here! The Splunk Community is place to connect, learn, give back, and ...

Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM

Elevating Digital Service Excellence: The Synergy of Real User Monitoring and Application Performance ...