Use REST to gather Index Info

Here is some SPL to get useful information via REST on indexes within your Splunk environment:

| REST /services/data/indexes
| eval currentDBSizeMB=tostring(currentDBSizeMB, "commas")
| eval totalEventCount=tostring(totalEventCount, "commas")
| eval frozenTimePeriodInHours=(frozenTimePeriodInSecs/60/60)
| table title splunk_server currentDBSizeMB frozenTimePeriodInHours maxTime minTime totalEventCount
Share This:

Leave A Comment?