cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
hmasciave
Observer
Member since: ‎12-02-2022
‎12-05-2022
Community Statistics
Posts 3
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎12-02-2022
View All

Re: Looking to find the size of fields in a partic...

by in Splunk Cloud Platform
‎12-05-2022 01:30 PM
‎12-05-2022 01:30 PM
@PickleRickThank you for that. Sounds like I won't be able to get this kind of data then. Appreciate the response. ... View more

Re: Looking to find the size of fields in a partic...

by in Splunk Cloud Platform
‎12-05-2022 12:51 PM
‎12-05-2022 12:51 PM
Thank you both for the feedback. I am not sure what the value in the search represents. Is that the amount of events, size in GB, etc.? The search below works. Given the numerous fields I just want to find the amount of data in these various fields so we can see where most of our data is sitting. Seeing the amount of data in an index and sourcetype are great but we need to dig deeper within the data to see where most of the data is logging. index=index_name | eval raw_len=(len(_raw)/1024/1024/1024) | stats sum(raw_len) as GB by field_name | sort -GB ... View more

How to find the size of fields in a particular ind...

by in Splunk Cloud Platform
‎12-02-2022 09:43 AM
‎12-02-2022 09:43 AM
We are looking to see the size of all the fields in a particular index. We have come up with this search to see the size of a particular field but we would like to see the size of all the fields in the index in order to understand where the bulk of the data is sitting. index=index_name | eval raw_len=(len(_raw)/1024/1024/1024) | stats sum(raw_len) as GB by field_name | sort -GB ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
‎12-05-2022 04:51 PM