|
This can achieve this by running below command on Supervisor cli :
- Check disk usage per table:
This query lists the on-disk size of all active tables:
clickhouse-client --query="SELECT table, formatReadableSize(sum(bytes)) AS size FROM system.parts WHERE active GROUP BY table ORDER BY sum(bytes) DESC;"
Example Output:
trace_log 1022.36 MiB
query_log 712.90 MiB
metric_log 542.32 MiB
asynchronous_metric_log 495.25 MiB
events_replicated 267.17 MiB
part_log 150.78 MiB
summary 79.15 KiB
This provides the exact on-disk space consumed by each table.
- Estimate per-device data volume (raw event size).
The following query calculates the total uncompressed raw event size for each device (reptDevIpAddr):
clickhouse-client --query="SELECT reptDevIpAddr, SUM(rawEventSize) AS total_raw_event_size FROM fsiem.events_replicated GROUP BY reptDevIpAddr ORDER BY total_raw_event_size DESC;"
Example Output:
::ffff:10.5.146.54 2311644121
::ffff:10.5.149.13 1973075826
::ffff:10.5.130.95 124123927
::ffff:54.239.28.85 45865423
This shows the cumulative raw event bytes per device.
(Note: These are uncompressed values and do not represent exact on-disk usage.)
- Human-readable per-device size estimate.
To get a more readable and closer approximation using the materialized _raw_event_size column:
clickhouse-client --query=" SELECT device, c, avg_raw_bytes, formatReadableSize(toUInt64(c * avg_raw_bytes)) AS approx_by_rawsize FROM ( SELECT toString(reptDevIpAddr) AS device, count() AS c, avg(_raw_event_size) AS avg_raw_bytes FROM fsiem.events_all WHERE reptDevIpAddr IS NOT NULL AND toString(reptDevIpAddr) != '::' GROUP BY device ORDER BY c DESC LIMIT 50 ); "
Example Output:
::ffff:10.5.146.54 12,827,883 180.28 2.15 GiB
::ffff:10.5.149.13 10,090,675 195.65 1.84 GiB
::ffff:10.5.130.95 282,707 439.06 118.37 MiB
::ffff:54.239.28.85 38,533 1190.47 43.75 MiB
This provides an estimated per-device data size based on the actual event payload length.
|
