Dashboards & Visualizations

Using Splunk Enterprise Search and Reporting

maryamchar
Explorer

hello,

I would like to show my daily usage of Splunk Volume, but also have a second graph represent how much it will be needed for 6 months volume with total.

Tags (1)
0 Karma

iamarkaprabha
Contributor

Hi ,

can you use this

 **index=_internal source=*metrics.log group="per_host_thruput" | eval GB=kb/1048576 | timechart sum(GB) as "total" by series span=1mon limit=0 | appendpipe [stats avg(*) as *]**

and set the time frame on your search for last six months

maryamchar
Explorer

My question is i want to show how much storage i need for the next 6 months and i know amount already in GB which is 10,115 GB. Now i want to make a graph and show how much i use daily and show that i haven't reached that amount for 6 months yet, How would i do that ??? And represent that in visualization

0 Karma

iamarkaprabha
Contributor

use this

  **index=_internal source=*metrics.log group="per_host_thruput" | eval GB=kb/1048576 | timechart sum(GB) as "total" by series span=1d limit=0 | appendpipe [stats avg(*) as *]**
0 Karma

maryamchar
Explorer

That's what i have originally and i asked the question because i'm trying to find volume for 6 months

0 Karma

iamarkaprabha
Contributor

You can use earliest and latest command to isolate the data of 6 month's

0 Karma

maryamchar
Explorer

I want to write a query to show how much volume usage will i need for next 6 months. I already know the exact amount that need for 6 months which is 10,115GB. But i would like to show my daily usage and show that i haven't reached that 6 months amount yet, For example show that i used 50.00/10,115 GB

0 Karma

iamarkaprabha
Contributor

Oh sorry . For next 6 month's , you have to use machine learning. There is a app called ML toolkit. By which you are write various regression techniques and show future data. Or there is a command called predict , you can use that also

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...