Identify KV Store collections that exceed size limitations

Use the following SPL search examples to identify and analyze the largest KV Store collections in your security operations center (SOC).

List KV Store collections by size (in bytes)

The following search lists the KV Store collections on the local Splunk server by size (in bytes), largest first, and omits empty collections:

    | rest splunk_server=local /services/server/introspection/kvstore/collectionstats
    | mvexpand data
    | spath input=data
    | rex field=ns "(?<app_name>.*)\\.(?<collection_name>.*)"
    | rename size as collection_size_in_bytes
    | eval time = now()
    | fields app_name, collection_name, collection_size_in_bytes, time
    | where collection_size_in_bytes > 0
    | sort -collection_size_in_bytes