Show how much disk space is used by _internal

The following Splunk query will return disk space used by the _internal index.


License Usage Prediction

There is an older Splunk query here that had previously predicted license usage. I’m not sure why (perhaps the predict command has changed since the original post in 2015?), but the query is no longer working. I’ve updated the query to predict Splunk license usage using the Splunk predict command as shown below:


Show all Indexes and Sourcetypes via REST

The following Splunk query uses REST to display non-internal indexes associated with sourcetypes. It is my understanding that this is all time (such is the way of REST searches).
