Deployment Architecture

How can I calculate log transfer traffic from a particular host?

aparkale
New Member

How to check event log size in MB of particular host in index?
calculate log transfer traffic from particular host to Splunk cloud.

0 Karma

aparkale
New Member

I have changed the index= host= but still it doesn't provide any output.

0 Karma

alemarzu
Motivator

Try like this,

index=_internal host="*" source=*license_usage.log type="Usage" | stats sum(b) as b by h | eval mb=round(b/1024/1024, 3)
0 Karma

aparkale
New Member

still doesn't work for me...

0 Karma

alemarzu
Motivator

The above query will show you a table for all your hosts (UF's), bytes and MBs for each one of them. This is working for me, please check what @esix said.

0 Karma

esix_splunk
Splunk Employee
Splunk Employee

Change the host="*" to the host="hostnameofinterest".. You need to make sure that the host is forwarding its logs to the indexer(s) and that your search head(s) are searching those indexers.

0 Karma

alemarzu
Motivator

Hi there @aparkale

Please try this search on your license master OR you can run it on your Search Head if you are forwarding internal logs to the Indexer.

index=_internal host=<HOSTNAME,IP> source=*license_usage.log type="Usage" | stats sum(b) as b by h | eval mb=round(b/1024/1024, 3)
0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...