Hi,
I would like to monitor a specific index and get the following information: source - name oldest searchable event by source.
I understand the basics of dbinspect that it will display the s...
Splunk version 7.3.6 When I run | dbinspect index=* I receive the expected output but only for hot/warm buckets. Is this normal behavior? Is there any way to obtain t...
Oh Hai Splunkers!
I've been trying to find out how much disk is being used and the associated compression ratio for a specific index. There's been some great examples using dbinspect like the f...
I this search below to calculate compression rate of my index
| dbinspect index=myIndexName
| stats sum(rawSize) AS rawTotal, sum(sizeOnDiskMB) AS diskTotalinMB
| eval rawTotalinMB=(rawTotal / 1...
...xperience on this?
The chief advantage of doing a | dbinspect search is you can run that while Splunk is running. If you have searchhead affinity turned on in a multi-site index cluster then I'd i...
Hello guys,
Could you let me know the difference in terms of buckets between :
| dbinspect *search* and *search* | eval bkt=_bkt | table bkt ?
It looks like dbinspect returns more r...
...eport is generated by the search " | dbinspect bins=400 ". The documentation could use a little more detail. Is it correct to assume the default index is main?
I've got accelerated reporting searches. I know that the summary data "lives and dies" with the raw indexed data, unlike a traditional summary index. How can I tell the impact (in disk space) of a re...
I was using dbinpect to calculates the first and last events in my buckets.
In splunk 4.* and 5.*, it was returning 2 fields earliestTime and latestTime as a date in my SH timezone.
But I do not...
I'm trying to write a dbinspect query to calculate the # of days of data that is stored in our hot/warm storage partition and our cold storage partition, for each index. So for example trying to g...