splunk-queries
Differences
This shows you the differences between two versions of the page.
| Both sides previous revisionPrevious revision | |||
| splunk-queries [2024/10/15 05:24] – baumi | splunk-queries [2024/10/15 05:26] (current) – baumi | ||
|---|---|---|---|
| Line 4: | Line 4: | ||
| ==== List Indexes ==== | ==== List Indexes ==== | ||
| < | < | ||
| - | | eventcount summarize=false index=* | dedup index | fields index | + | | eventcount summarize=false index=* |
| + | | dedup index | ||
| + | | fields index | ||
| </ | </ | ||
| ==== Count Events per Index ==== | ==== Count Events per Index ==== | ||
| Line 17: | Line 19: | ||
| ==== Events per Host / Index / Sourcetype ==== | ==== Events per Host / Index / Sourcetype ==== | ||
| < | < | ||
| - | | tstats count as EVENTS_PER_HOST where index=* by index, | + | | tstats count as EVENTS_PER_HOST where index=* by index, |
| + | | table * | ||
| + | | sort by index | ||
| </ | </ | ||
| Line 29: | Line 33: | ||
| < | < | ||
| index=_internal sourcetype=splunkd source=*license_usage.log type=Usage | index=_internal sourcetype=splunkd source=*license_usage.log type=Usage | ||
| - | | timechart span=1d sum(b) as usage by idx limit=0 | foreach * [ eval "<< | + | | timechart span=1d sum(b) as usage by idx limit=0 |
| + | | foreach * [ eval "<< | ||
| </ | </ | ||
splunk-queries.txt · Last modified: 2024/10/15 05:26 by baumi