Hello Team,
I have heavy forwarder where am filtering 1GB file to 4MB and indexing, and now I want to get the actual file size in my search that is 1GB.
Is this possible in Splunk? If yes, how?
Note: I have a Splunk which gives me 4MB , that is indexed data, but not 4GB:
index=_internal source=*metrics* series="*my file path*" | stats sum(eval(kb/1024)) as Filesize by series | eval FilesizeMB=round(Filesize,2) | table series,FilesizeMB
Thank you in advance.
↧