Splunk Queries
Count Events per Index
| tstats count WHERE index=* OR index=_* by index
List Indexes
| eventcount summarize=false index=* | dedup index | fields index
Events per Host / Index / Sourcetype
| tstats count as EVENTS_PER_HOST where index=* by index,sourcetype,host | table * | sort index
Ingestion by Index
index=_internal sourcetype=splunkd source=*license_usage.log type=Usage | stats sum(b) as bytes by idx | eval mb=round(bytes/1024/1024,3)
Export Lookup File
| inputlookup my_lookup.csv
List of Macros
| rest /servicesNS/-/-/admin/macros count=0
splunk-queries.1707817623.txt.gz · Last modified: 2024/02/13 10:47 by baumi