I think the collectord usage dashboard calculates the Host licensing incorrectly. I believe the licensing should be the max number of hosts per hour. Currently, if I look over the last 24 hours (The default for the dashboard), it counts all unique instance_ids for that 24 hour period. Should it not count unique instances per hour and then take that max number?
If I misunderstood the licensing calculation or am just way off base, please let me know.
I put my updated search below.
Thank you.
'macro_kubernetes_logs_collectord_license_check'
| bucket _time span=1h
| stats dc(instance_id) as node_license_count
latest(version) as version,
latest(build_date) as build_date,
latest(license_id) as license_id,
latest(expiration) as expiration,
latest(limit) as limit,
latest(created_at) as created_at,
latest(host) as host,
latest(check_success) as check_success,
latest(valid) as valid,
latest(err_points) as err_points,
latest(started_at) as started_at,
latest(message) as message
by _time
| eval LicenseID=coalesce(license_id, "trial - " + instance_id)
| eval expiration=coalesce(nullif(if(expiration<0, 0, expiration), 0), "")
| eval ExpirationDays=floor((expiration-now())/60/60/24)
| eval Limit=coalesce(nullif(limit, 0), "")
| stats max(node_license_count) as "Count", min(ExpirationDays) as ExpirationDays, max(Limit) as Limit by LicenseID
| eval Usage=round((Count/Limit)*100, 2)
| eval Limit=coalesce(nullif(Limit, ""), "-")
| eval ExpirationDays=coalesce(nullif(ExpirationDays, ""), "-")
| eval Usage=coalesce(nullif(Usage, ""), "-")
| sort ExpirationDays
| table LicenseID, Limit, Count, Usage, ExpirationDays
