Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Splunk Search
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Find Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- Re: how to calculate the data received per day?
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
pacifikn
Communicator
05-04-2021
12:04 AM
Greetings!!
Dear all!
Hope you are well.
I need your support on how to calculate the size of events we received per day, for instance, if you want to check the size of each data we have received in one week?
I am using Splunk enterprise (Linux server)
Thank you in advance!
1 Solution
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
aasabatini
Motivator
05-04-2021
01:34 AM
Hi @pacifikn
try this search
index=_internal source=*license_usage.log | eval GB=b/1024/1024/1024 | stats sum(GB) by h | sort -sum(GB)
“The answer is out there, Neo, and it’s looking for you, and it will find you if you want it to.”
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
pacifikn
Communicator
05-04-2021
03:31 AM
help me also on How to calculate the percentage of Daily license used? I mean per day?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
aasabatini
Motivator
05-04-2021
01:34 AM
Hi @pacifikn
try this search
index=_internal source=*license_usage.log | eval GB=b/1024/1024/1024 | stats sum(GB) by h | sort -sum(GB)
“The answer is out there, Neo, and it’s looking for you, and it will find you if you want it to.”
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
pacifikn
Communicator
05-04-2021
02:48 AM
Thank you so much @aasabatini for your prompt response,
This works well for each source, Is there anyhow you could also calculate the total size of all sources we have received?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
aasabatini
Motivator
05-04-2021
02:58 AM
Hi @pacifikn
index=_internal source=*license_usage.log | eval GB=b/1024/1024/1024 | stats sum(GB) as volume_in_GB by idx s st | sort - volume_in_GB
| rename idx AS index s AS source st AS sourcetypeif this search help karma point is appreciated
Alessandro
“The answer is out there, Neo, and it’s looking for you, and it will find you if you want it to.”
Get Updates on the Splunk Community!
Index This | When is October more than just the tenth month?
October 2025 Edition
Hayyy Splunk Education Enthusiasts and the Eternally Curious!
We’re back with this ...
Observe and Secure All Apps with Splunk
Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...
What’s New & Next in Splunk SOAR
Security teams today are dealing with more alerts, more tools, and more pressure than ever. Join us for an ...
