Splunk Search

Determine daily change rate for ESXi Hosts

slittle1874
New Member

Hello, we need to determine the Daily Change rate for logs on our ESXi Hosts (deployment sizing).

Can anyone offer any good advice on how to calculate this value?

Logs we are targeting are ...

/var/log/hostd.log
/var/log/auth.log
/var/log/syslog.log

            Size (k)                

-rw------- 1 root root 4.5 Jan 4 21:26 auth.log

-rwx------ 1 root root 73.8 Jan 4 21:25 hostd-probe.log
-rwx------ 1 root root 56.6 Jan 4 15:20 hostd-probe.0.gz
-rwx------ 1 root root 56.5 Jan 1 2:20 hostd-probe.1.gz
-rwx------ 1 root root 56.4 Dec 28 13:20 hostd-probe.2.gz
-rwx------ 1 root root 56.4 Dec 25 0:20 hostd-probe.3.gz
-rwx------ 1 root root 56.6 Dec 21 11:20 hostd-probe.4.gz
-rwx------ 1 root root 56.5 Dec 17 22:15 hostd-probe.5.gz
-rwx------ 1 root root 56.5 Dec 14 9:15 hostd-probe.6.gz
-rwx------ 1 root root 56.4 Dec 10 20:15 hostd-probe.7.gz

-rw------- 1 root root 177.9 Jan 4 21:29 hostd.log
-rwx------ 1 root root 527.9 Jan 4 20:19 hostd.0.gz
-rwx------ 1 root root 510.8 Dec 31 7:10 hostd.1.gz
-rwx------ 1 root root 561.4 Dec 26 20:28 hostd.2.gz
-rwx------ 1 root root 588.6 Dec 22 9:54 hostd.3.gz
-rwx------ 1 root root 539.7 Dec 17 22:56 hostd.4.gz
-rwx------ 1 root root 531.4 Dec 13 14:10 hostd.5.gz
-rwx------ 1 root root 530.7 Dec 9 11:08 hostd.6.gz
-rwx------ 1 root root 541.9 Dec 5 10:50 hostd.7.gz
-rwx------ 1 root root 638 Dec 1 9:48 hostd.8.gz
-rwx------ 1 root root 574.5 Nov 28 13:44 hostd.9.gz

-rwx------ 1 root root 350.7 Jan 4 21:29 syslog.log
-rwx------ 1 root root 17.8 Jan 4 20:26 syslog.0.gz
-rwx------ 1 root root 20.1 Jan 4 17:41 syslog.1.gz
-rwx------ 1 root root 19 Jan 4 14:57 syslog.2.gz
-rwx------ 1 root root 18.8 Jan 4 11:26 syslog.3.gz
-rwx------ 1 root root 19.2 Jan 4 7:51 syslog.4.gz
-rwx------ 1 root root 19 Jan 4 4:19 syslog.5.gz
-rwx------ 1 root root 18.9 Jan 4 0:41 syslog.6.gz
-rwx------ 1 root root 19.1 Jan 3 21:02 syslog.7.gz

-rwx------ 1 root root 913.8 Jan 4 16:35 vmauthd.log
-rwx------ 1 root root 60.4 Nov 6 8:06 vmauthd.0.gz
-rwx------ 1 root root 63 Sep 15 20:51 vmauthd.1.gz
-rwx------ 1 root root 49.6 Aug 16 19:28 vmauthd.2.gz
-rwx------ 1 root root 48.8 Aug 16 7:53 vmauthd.3.gz
-rwx------ 1 root root 49 Aug 15 20:24 vmauthd.4.gz
-rwx------ 1 root root 49.2 Aug 15 9:00 vmauthd.5.gz
-rwx------ 1 root root 0 Aug 1 17:32 vmsyslogd-dropped.log

Tags (1)
0 Karma

DalJeanis
SplunkTrust
SplunkTrust

When you say "daily change rate", what, specifically, do you mean?

0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...