Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Splunk Search
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Find Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- how to calculate the data received per day?
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
pacifikn
Communicator
05-04-2021
12:04 AM
Greetings!!
Dear all!
Hope you are well.
I need your support on how to calculate the size of events we received per day, for instance, if you want to check the size of each data we have received in one week?
I am using Splunk enterprise (Linux server)
Thank you in advance!
1 Solution
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
aasabatini
Motivator
05-04-2021
01:34 AM
Hi @pacifikn
try this search
index=_internal source=*license_usage.log | eval GB=b/1024/1024/1024 | stats sum(GB) by h | sort -sum(GB)
“The answer is out there, Neo, and it’s looking for you, and it will find you if you want it to.”
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
pacifikn
Communicator
05-04-2021
03:31 AM
help me also on How to calculate the percentage of Daily license used? I mean per day?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
aasabatini
Motivator
05-04-2021
01:34 AM
Hi @pacifikn
try this search
index=_internal source=*license_usage.log | eval GB=b/1024/1024/1024 | stats sum(GB) by h | sort -sum(GB)
“The answer is out there, Neo, and it’s looking for you, and it will find you if you want it to.”
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
pacifikn
Communicator
05-04-2021
02:48 AM
Thank you so much @aasabatini for your prompt response,
This works well for each source, Is there anyhow you could also calculate the total size of all sources we have received?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
aasabatini
Motivator
05-04-2021
02:58 AM
Hi @pacifikn
index=_internal source=*license_usage.log | eval GB=b/1024/1024/1024 | stats sum(GB) as volume_in_GB by idx s st | sort - volume_in_GB
| rename idx AS index s AS source st AS sourcetypeif this search help karma point is appreciated
Alessandro
“The answer is out there, Neo, and it’s looking for you, and it will find you if you want it to.”
Get Updates on the Splunk Community!
Splunk Enterprise Security 8.x: The Essential Upgrade for Threat Detection, ...
Prepare to elevate your security operations with the powerful upgrade to Splunk Enterprise Security 8.x! This ...
Get Early Access to AI Playbook Authoring: Apply for the Alpha Private Preview ...
Passionate about security automation? Apply now to our AI Playbook Authoring Alpha private preview ...
Reduce and Transform Your Firewall Data with Splunk Data Management
Managing high-volume firewall data has always been a challenge. Noisy events and verbose traffic logs often ...
