Solved: Daily throughput of a particular index

Michael_Schyma1 · ‎12-17-2012

I am wondering how i would search the daily throughput of a specific index? Here is the search that I am trying to modify that looks at all the data indexed in prod and test enviornment, now how would i just look at index=desktop?

Index=desktop

index=_internal source=*license_usage* type=Usage | eval GB=b/1024/1024/1024  | bucket _time span=1d | stats sum(GB) AS volume by _time pool |rename _time AS Date/Time pool AS Pool volume AS Volume(GB)| convert timeformat="%m/%d/%Y %H:%M:%S %p" ctime(Date/Time)

sdaniels · ‎12-17-2012

Look at this link below in your environment and you'll see amount of data per index and you can choose the timeframe.

http://:8000/en-US/app/search/indexing_volume

Also, it is recommended to have the Splunk on Splunk App installed to monitor the health of your Splunk environment and you'll see some additional licensing volume views in there as well. I think the one above should give you what you are looking for though.

View solution in original post

sdaniels · ‎12-17-2012

Look at this link below in your environment and you'll see amount of data per index and you can choose the timeframe.

http://:8000/en-US/app/search/indexing_volume

Also, it is recommended to have the Splunk on Splunk App installed to monitor the health of your Splunk environment and you'll see some additional licensing volume views in there as well. I think the one above should give you what you are looking for though.

Daily throughput of a particular index

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor

Introducing the 2024 SplunkTrust!