I have a search string "xyz" now how can i calculate how much amount of date got generated with that particular search in terms of Mega bytes or giga bytes?
Is it possible to find out
Note :- "xyz" is a search string and it's not a field
Try this inefficient/not 100% accurate method
your base search "xyz" | eval b=len(_raw) | stats sum(b) as b | eval mb=round(b/1024/1024,2) | eval gb=round(b/1024/1024/1024,2)
View solution in original post
