How to Find the Memory Consumption of Metadata and Indexes in Splunk
Hello Guys!!! Have you ever thought of knowing the resource usage of your Splunk metadata and the indexes?
We are going to let you know the Splunk Search Processing Language ( SPL ) through which you can easily investigate the usage of system resources for the Splunk Metadata ( Host, Source and Sourcetype ) and Indexes.
How to find the Memory Consumption by Host
We can easily find the memory usage of hosts in Splunk by the following query :
index="_*" OR index="*" source=*metrics.log | eval GB=kb/(1024*1024) | search group="per_host_thruput" | timechart span=1d eval(round(sum(GB),4)) by series limit=20
Result:
Explanation:
In the above query we have taken all the index and source=*metrics.log where all the memory related information are stored. There is a field called kb where you can see the usage in kb. By the eval command we have converted kb into GB. Also there is a field called group.We have taken group as per_host_thruput for taking the data of hosts. By the timechart command we have taken the value of GB on time basis. By the round function we have taken GB value upto 4 decimal point . Here bubai is the host name. Here we have shown the data on per day basis.
***************************************************************************
How to find the Memory Consumption by Source
We can easily find the memory usage of sources in Splunk by following query :
index="_*" OR index="*" source=*metrics.log | eval GB=kb/(1024*1024) | search group="per_source_thruput" | timechart span=1d eval(round(sum(GB),4)) by series limit=20
Result:
Explanation:
In the above query we have taken all the index and source=*metrics.log where all the memory related information are stored. There is a field called kb where you can see the usage in kb. By the eval command we have converted kb into GB. Also there is a field called group.We have taken group as per_source_thruput for taking the data of sources. By the timechart command we have taken the value of GB on time basis. By the round function we have taken GB value upto 4 decimal point. Here we have shown the data on per day basis.
**********************************************************************
How to find the Memory Consumption by Sourcetype
We can easily find the memory usage of sourcetypes in Splunk by following query :
index="_*" OR index="*" source=*metrics.log | eval GB=kb/(1024*1024) | search group="per_sourcetype_thruput" | timechart span=1d eval(round(sum(GB),4)) by series limit=20
Result:
Explanation:
In the above query we have taken all the index and source=*metrics.log where all the memory related information are stored. There is a field called kb where you can see the usage in kb. By the eval command we have converted kb into GB. Also there is a field called group.We have taken group as per_sourcetype_thruput for taking the data of sourcetypes. By the timechart command we have taken the value of GB on time basis. By the round function we have taken GB value upto 4 decimal point. Here we have shown the data on per day basis.
***********************************************************************
How to find the Memory Consumption by Indexes
We can easily find the memory usage of indexes in Splunk by following query :
index="_*" OR index="*" source=*metrics.log | eval GB=kb/(1024*1024) | search group="per_index_thruput" | timechart span=1d eval(round(sum(GB),4)) by series limit=20
Result:
Explanation:
In the above query we have taken all the indexes and source=*metrics.log where all the memory related information are stored. There is a field called kb where you can see the usage in kb. By the eval command we have converted kb into GB. Also there is a field called group.We have taken group as per_index_thruput for taking the data of indexes. By the timechart command we have taken the value of GB on time basis. By the round function we have taken GB value upto 4 decimal point. Here we have shown the data on per day basis.
Hope this has helped you in achieving the below requirement without fail :
How to Find the Memory Consumption of Metadata and Indexes in Splunk
Happy Splunking !!