Solved: Stats Around Events and Sources

andrewkenth · ‎03-25-2014

Is there an internal search I can run that will return the number of events loaded to date and number of files (sources) loaded to date?

I can obviously run searches similar to what I have below and accelerate them but I was wondering if there was a better way to do it.

 ... | stats count first(_time) by source | stats count(source)

or

.... | stats count first(_time) by source

linu1988 · ‎03-25-2014

Hello,
You may get that from the metadata command.

|metadata type=sources

will provide you all the sources from where you got the events

|metadata type=sources|stats sum(totalCount) as "Total Events"

Provides you the total number of events till date

Thanks

linu1988 · ‎03-25-2014

Hello,
You may get that from the metadata command.

|metadata type=sources

will provide you all the sources from where you got the events

|metadata type=sources|stats sum(totalCount) as "Total Events"

Provides you the total number of events till date

Thanks

somesoni2 · ‎03-25-2014

Another option for total events counts across all indexes:

| eventcount summarize=false index=* |stats sum(count) as TotalEvents

For total no of files loaded
|metadata type=sources | stats count

Stats Around Events and Sources