How to Find the Memory Consumption of Metadata and Indexes in Splunk

Hello Guys!!! Have you ever wanted to know the resource usage of your Splunk metadata and indexes?

In this post we show the Splunk Search Processing Language (SPL) queries with which you can easily investigate the usage of system resources for the Splunk metadata (host, source and sourcetype) and indexes.

How to find the Memory Consumption by Host

We can easily find the memory usage of hosts in Splunk with the following query:

index="_*" OR index="*" source=*metrics.log 
| eval GB=kb/(1024*1024)
| search group="per_host_thruput"
| timechart span=1d eval(round(sum(GB),4)) by series limit=20

Result: [screenshots: host, host1]

Explanation:

In the above query we search all indexes with source=*metrics.log, where all the memory-related information is stored. The field kb holds the usage in KB, and the eval command converts kb into GB. There is also a field called group; we set group to per_host_thruput to take the data for hosts. The timechart command charts the GB value over time, and span=1d shows the data on a per-day basis. The round function rounds the GB value to 4 decimal places. In the result, bubai is the host name.

***************************************************************************

How to find the Memory Consumption by Source

We can easily find the memory usage of sources in Splunk with the following query:

index="_*" OR index="*" source=*metrics.log 
| eval GB=kb/(1024*1024)
| search group="per_source_thruput"
| timechart span=1d eval(round(sum(GB),4)) by series limit=20

Result: [screenshots: source, source1]

Explanation:

In the above query we search all indexes with source=*metrics.log, where all the memory-related information is stored. The field kb holds the usage in KB, and the eval command converts kb into GB. There is also a field called group; we set group to per_source_thruput to take the data for sources. The timechart command charts the GB value over time, and span=1d shows the data on a per-day basis. The round function rounds the GB value to 4 decimal places.

**********************************************************************

How to find the Memory Consumption by Sourcetype

We can easily find the memory usage of sourcetypes in Splunk with the following query:

index="_*" OR index="*" source=*metrics.log 
| eval GB=kb/(1024*1024)
| search group="per_sourcetype_thruput"
| timechart span=1d eval(round(sum(GB),4)) by series limit=20

Result: [screenshots: sourcetype, sourcetype1]

Explanation:

In the above query we search all indexes with source=*metrics.log, where all the memory-related information is stored. The field kb holds the usage in KB, and the eval command converts kb into GB. There is also a field called group; we set group to per_sourcetype_thruput to take the data for sourcetypes. The timechart command charts the GB value over time, and span=1d shows the data on a per-day basis. The round function rounds the GB value to 4 decimal places.

***********************************************************************

How to find the Memory Consumption by Indexes

We can easily find the memory usage of indexes in Splunk with the following query:

index="_*" OR index="*" source=*metrics.log 
| eval GB=kb/(1024*1024)
| search group="per_index_thruput"
| timechart span=1d eval(round(sum(GB),4)) by series limit=20

Result: [screenshots: index, index1]

Explanation:

In the above query we search all indexes with source=*metrics.log, where all the memory-related information is stored. The field kb holds the usage in KB, and the eval command converts kb into GB. There is also a field called group; we set group to per_index_thruput to take the data for indexes. The timechart command charts the GB value over time, and span=1d shows the data on a per-day basis. The round function rounds the GB value to 4 decimal places.
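
What the four searches above compute, reproduced in Python over a few metrics.log-style lines so the steps can be checked by hand. This is an added example, not code from the original post; the sample lines are constructed, and the names parse_line and daily_gb are hypothetical.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample lines in the metrics.log layout (all values are made up).
SAMPLE_LINES = [
    '01-05-2024 10:00:00.000 +0000 INFO  Metrics - group=per_host_thruput, series="host1", kbps=1.5, eps=2.0, kb=524288.0, ev=100',
    '01-05-2024 10:00:30.000 +0000 INFO  Metrics - group=per_host_thruput, series="host1", kbps=1.5, eps=2.0, kb=262144.0, ev=50',
    '01-05-2024 10:00:30.000 +0000 INFO  Metrics - group=per_host_thruput, series="host2", kbps=3.0, eps=4.0, kb=1048576.0, ev=200',
    '01-06-2024 09:00:00.000 +0000 INFO  Metrics - group=per_host_thruput, series="host1", kbps=0.5, eps=1.0, kb=131072.0, ev=25',
    '01-05-2024 10:00:30.000 +0000 INFO  Metrics - group=per_index_thruput, series="main", kbps=2.0, eps=3.0, kb=786432.0, ev=150',
    '01-05-2024 10:00:31.000 +0000 INFO  Metrics - group=queue, name=parsingqueue, max_size_kb=512, current_size_kb=0',
]

KV = re.compile(r'(\w+)=("[^"]*"|[^,\s]+)')  # key=value or key="quoted value"

def parse_line(line):
    """Return (date, fields) for one metrics line, or None if it is not one."""
    head, sep, tail = line.partition(" Metrics - ")
    if not sep:
        return None
    try:
        day = datetime.strptime(head.split()[0], "%m-%d-%Y").date()
    except (ValueError, IndexError):
        return None
    return day, {k: v.strip('"') for k, v in KV.findall(tail)}

def daily_gb(lines, group):
    """search group=<group> | eval GB=kb/(1024*1024) | timechart span=1d round(sum(GB),4) by series"""
    totals = defaultdict(float)
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        day, f = parsed
        if f.get("group") != group or "kb" not in f or "series" not in f:
            continue  # other groups (e.g. queue) carry no kb/series pair
        try:
            # Buckets by the date written in the line; Splunk buckets on _time.
            totals[(day.isoformat(), f["series"])] += float(f["kb"]) / (1024 * 1024)
        except ValueError:
            continue  # skip a malformed kb value instead of aborting
    return {key: round(gb, 4) for key, gb in totals.items()}

if __name__ == "__main__":
    for key, gb in sorted(daily_gb(SAMPLE_LINES, "per_host_thruput").items()):
        print(key, gb)
```

Changing the group argument to per_source_thruput, per_sourcetype_thruput or per_index_thruput mirrors the other three searches.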

We hope this has helped you achieve the requirement below:

How to Find the Memory Consumption of Metadata and Indexes in Splunk

Happy Splunking !!
