cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
kcliff
Engager
Member since: ‎02-17-2023
‎02-20-2023
Community Statistics
Posts 1
Solutions 0
Karma Given 1
Karma Received 0
Member Since ‎02-17-2023
View All

Re: Is it possible to find the storage (logs) used...

by SplunkTrust in Splunk Search
‎02-19-2023 01:46 AM
1 Karma
‎02-19-2023 01:46 AM
1 Karma
Assuming your data contains a field named "application", it would simply be ((index="digconn-timeser-prod") (kubernetes.container_name="*conn-server*")) | stats sum(eval(len(_raw))) as logsize by application If you have to derive application from kubernetes.container_name, do something like the following: ((index="digconn-timeser-prod") (kubernetes.container_name="*conn-server*")) | rex field=kubernetes.container_name "(?<application>conn-server-\w+)" | stats sum(eval(len(_raw))) as logsize by application ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎02-20-2023 08:29 PM
Karma given to
View All