Been poking around and trying to figure out how to pull up how much data has been sent from a specific host.
For example host 123 is sending CPU data every 10sec, how much data is that over the course of time = "X"
Most Recent Activity:
by ChrisG ♦
Up to 2 attachments (including images) can be used with a maximum of 524288 each and 1048576 total.
This should do it - this shows how much data has been indexed from various hosts
index=_internal source=*metrics.log group="tcpin_connections"
| eval sourceHost=if(isnull(hostname), sourceHost,hostname)
| stats sum(kb) as KB by sourceHost | eval KB = round(KB)
Up to 2 attachments (including images) can be used with a maximum of 524.3 kB each and 1.0 MB total.
Answers and Comments
No one has followed this question yet.
Data input sql - latest indexed time
I can't see my data
Stop data flowing into 1 of my Indexes
Deleting Data Source.
Indexed data size issue