Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

See Gigabytes Added to Each Index in Last 24 hours

davespatz
Explorer
‎09-19-2015 02:03 PM

Issue:

Various internal groups pay for space in Splunk based on their needs. For example, dev teams paid for 40GB's for their application logs while Exchange team paid for 20GB's per day (just two examples). I need to be able to say if one team is exceeding what they paid for internally. We will only have two indexers so I can't separate by indexer so looks like I can't create license pools either by indexer (both indexers we have are used for everything).

Question:
If I just create separate indexes for each group, how can I see how much data was added to the index each day?

Tags (1)
0 Karma
Reply

masonmorales
Influencer
‎09-19-2015 10:53 PM

If you don't like the license reports that ship with Splunk, check out: https://splunkbase.splunk.com/app/2678/

0 Karma
Reply

badrinath_itrs
Communicator
‎09-19-2015 08:27 PM

Hi,

This has been answered several times, you can always take a look into the License Usage report and can also do a split based on host, source, sourcetype and index.

Here is the detailed documentation .

http://docs.splunk.com/Documentation/Splunk/6.2.5/Admin/AboutSplunksLicenseUsageReportView

0 Karma
Reply
Get Updates on the Splunk Community!

Introducing the Splunk Community Dashboard Challenge!

Welcome to Splunk Community Dashboard Challenge! This is your chance to showcase your skills in creating ...

Wondering How to Build Resiliency in the Cloud?

IT leaders are choosing Splunk Cloud as an ideal cloud transformation platform to drive business resilience,  ...

Updated Data Management and AWS GDI Inventory in Splunk Observability

We’re making some changes to Data Management and Infrastructure Inventory for AWS. The Data Management page, ...