Installation

How to determine daily volume usage in GB for single host

OMohi
Path Finder

I would like to know whether there is a query to determine log volume usage for a single host in splunk

Tags (1)
0 Karma

kristian_kolb
Ultra Champion

Yes.

The question is how you define host, but if you have a forwarder on the machine in question, and the app SplunkDeploymentMonitor installed on your indexer/search head, you can see the daily log volumes quite easily by clicking around.

You could always fall back on;

host=XYZ | eval size = len(_raw) | timechart span=1d sum(size) by host

run this over 'previous week' or something like that. NB, depending on the amount of events, this may take time.

/K

Get Updates on the Splunk Community!

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...