Indexes size and EPS

Description: SPL request to display by index : Index name Index size Events sum, min, avg, max, perc95 Events sum, min, avg, max, perc95 to work hours (8am-6pm) Required: Splunk license Query:

Continue Reading →

List all your existing indexes or check if index exists

With this spl you can check what indexes exist or if you want to search for a specific index. List all indexes:

Or check if a specific index exist use:

Continue Reading →

Detect Dying Sourcetypes

This alert is used for looking at a prior dataset of indexes and sourcetypes reporting over time, and then involves pairing to a closer, temporal dataset. Appending the results allows you to view sourcetypes that have stopped reporting, but existed in the prior period.  

Continue Reading →