Splunk search for Indexes that are more than 75% full

Copy
| rest /services/data/indexes-extended | table title currentDBSizeMB maxTotalDataSizeMB | eval perc_full=round(currentDBSizeMB/maxTotalDataSizeMB*100, 2) | search perc_full>=75
This search will find any indexes that are currently greater than or equal to 75% of their maxTotalDataSizeMB. This search could easily be modified to show indexes that are using a very small percentage of their allowable size by changing the final search command (search perc_ful>=75).
0 comments

Category:

General Splunk


Tags:

rest audit indexes

Search Commands:

Sign in or Register to submit a comment