How to check event log size in MB of particular host in index?
calculate log transfer traffic from particular host to Splunk cloud.
I have changed the index= host= but still it doesn't provide any output.
Try like this,
index=_internal host="*" source=*license_usage.log type="Usage" | stats sum(b) as b by h | eval mb=round(b/1024/1024, 3)
still doesn't work for me...
The above query will show you a table for all your hosts (UF's), bytes and MBs for each one of them. This is working for me, please check what @esix said.
Change the host="*" to the host="hostnameofinterest".. You need to make sure that the host is forwarding its logs to the indexer(s) and that your search head(s) are searching those indexers.
Hi there @aparkale
Please try this search on your license master OR you can run it on your Search Head if you are forwarding internal logs to the Indexer.
index=_internal host=<HOSTNAME,IP> source=*license_usage.log type="Usage" | stats sum(b) as b by h | eval mb=round(b/1024/1024, 3)