Splunk Search

Command or search to list index statistics?

the_wolverine
Champion

We've disabled the UI for our indexers so don't have access to the manager UI for them. The search head UI only shows stats for it's own indexes. How do I list out the stats for my indexer's indexes. I'm interested in current size, last event indexed, and also hotdb/warmdb/colddb counts.

Sure, I could go to the filesystem to look this up but would be nice if there were a search I could run to get this or a splunk command that will list this out from one place for all indexers, if possible.

Simeon
Splunk Employee
Splunk Employee

As confirmed by the gkanapathy, you cannot run dbinspect on other machines from the UI. However, you can use the -uri option via command line.

./splunk dispatch "| dbinspect index=myindex" -uri https://<server>:8089

gkanapathy
Splunk Employee
Splunk Employee

Please file an ER to request distributed search support for the dbinspect command. Currently dbinspect only returns results from the local machine. For now, you would have to run dbinspect on each indexer an aggregate the results together.

0 Karma

Brian_Osburn
Builder

I've opened one previously for this.

0 Karma

Brian_Osburn
Builder

Take a look at this http://answers.splunk.com/questions/6147/how-to-generate-a-report-on-multiple-indexes.

It's basically a perl script that I wrote that parses the indexes.conf and uses the dbinspect command functionality to get the information you're looking for.

Unfortunately, the dbinspect command doesn't allow wildcards, hence the parsing of the indexes.conf file.

Brian

Get Updates on the Splunk Community!

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...