Dashboard to measure Indexes and Sourcetypes, based upon first and last date of events

This dashboard will use REST API endpoints to grab a list of all indexes and then map out by sourcetype how many events when the first one was (based upon _time) and the last. Then does basic date math to show how long of a period that is as retention (though it does not show the configured retention information.)

Share This:

Leave A Comment?