Hi Martin,
Thanks! I got the result now. But can you explain more what this query is about?
It looks like it's telling me the big log files that are indexed by Splunk, ordered by file size, which yes, that's what I am looking for, but what confused me is the size of the reported files:
3027102191 bytes = 2.8 GB, 2636882398 bytes = 2.45 GB, 616384496 = 587.8 MB.
But I really don't have files of such a big size; they are all no more than 15 MB. Why did Splunk find that they are so big?
And from the license usage history, my exceedings are all about 1GB indexes; I have never seen 1 day that indexed a 2 GB file.
Thanks