Splunk stats by index

12/28/2023

Finding detailed index information quickly

This dashboard will give it to you and do it fast! As a bonus we will provide the dashboard code at the end of the article.

There are at least two places within Splunk to discover index information. The first uses a RESTful call and provides detailed information about indexes. The second requires more calculation and is less efficient.

For this exercise, let's try copying and pasting the following RESTful search into your Splunk search bar to see what data is returned:

Figure 2: Results of the RESTful search (remember to scroll right)

Figure 3: Column headers from dbinspect (remember to scroll right)

Now try the following, which combines both (thank you Splunk!):

```
| stats max(rawSize) AS raw_size max(eventCount) AS event_count BY bucketId, index
| stats sum(raw_size) AS raw_size sum(event_count) AS event_count dc(bucketId) AS buckets BY index
| eval raw_size_gb = round(raw_size / 1024 / 1024 / 1024, 2)
| fields index raw_size_gb event_count buckets
| join type=outer index [| rest /services/data/indexes-extended
| eval minTime = case(minTime >= "0", minTime)
| table title maxTime minTime frozenTimePeriodInSecs
```