I use this search to get a chart of per-host indexing volume:

index="_internal" source="*metrics.log" per_host_thruput | chart sum(kb) by series

An easy change to that is to search by the hostname in the series field:

index="_internal" source="*metrics.log" per_host_thruput series=some-host-name | stats sum(kb)

For extra fun, lets look at 30 day trends:

index="_internal" source="*metrics.log" per_host_thruput series=some-host-name earliest=-30d@d latest=@d | timechart span=1d sum(kb)