Total Data Volume for All Partitions & Scheduled Views

This query requires that the Data Volume Index is turned on in your account. Administrators can turn this on via Manage -> Account -> Data Management * _index=sumologic_volume |where _sourceCategory="view_volume" | parse regex "(?\"[^\"]+\")\:\{\"sizeInBytes\"\:(?\d+),\"count\"\:(?\d+)\}" multi | split view extract 1 as view | bytes/1024/1024/1024 as gbytes | sum(gbytes) as gbytes by view | total gbytes as total_gbytes | gbytes/total_gbytes*100 as percent_of_total | num(percent_of_total) as percent_of_total | num(gbytes) as gbytes| format("%.2f",percent_of_total) as percent_of_total | format("%.2f",gbytes) as gbytes | sort by gbytes | fields view, gbytes, percent_of_total Notes 1.) The views called _sumologic_report_* are scheduled views created by optimized interactive dashboards. 2.) To add two more decimals, make this change: BEFORE | format("%.2f",gbytes) as gbytes AFTER | format("%.4f",gbytes) as gbytes 3.) You can easily reuse this query to look at your volume by Source, Source Name, Source Host, Source Category, or Collector by modifying the first line: BEFORE * _index=sumologic_volume|where _sourceCategory="view_volume" AFTER * _index=sumologic_volume|where _sourceCategory="sourcecategory_volume" OR * _index=sumologic_volume|where _sourceCategory="collector_volume" 4.) Aggregate Scheduled Views currently show 0 for size.