All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Logging Volume by event

daniel333
Builder
‎05-31-2016 10:37 AM

All,

Is there an accurate way of measuring how much a specific event is using of my licensing?

I have 1000+ severs logging into index=java. A subset of hosts are logging in debug mode (priority=debug) I'd like to see how much licensing is being burned through.

thanks
-Daniel

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

somesoni2
Revered Legend
‎05-31-2016 01:00 PM

For getting the license usage from those hosts, use this (Splunk's native license usage log, run from your license master)

index=_internal sourcetype=splunkd source=*license_usage.log i=java (h=yourhost1 OR h=yourhost2...) | timechart span=1d sum(b) as gb | eval gb=round(gb/1024/1024/1024,2)

If you're looking for license usage per event,on basis of a custom field, then there is no license usage summary provided by splunk. You can use this, not 100% accurate, slow workaround

YOur base search to get debug logs | eval b=len(_raw) | timechart span=1d sum(b) as gb | eval gb=round(gb/1024/1024/1024,2)

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

somesoni2
Revered Legend
‎05-31-2016 01:00 PM

For getting the license usage from those hosts, use this (Splunk's native license usage log, run from your license master)

index=_internal sourcetype=splunkd source=*license_usage.log i=java (h=yourhost1 OR h=yourhost2...) | timechart span=1d sum(b) as gb | eval gb=round(gb/1024/1024/1024,2)

If you're looking for license usage per event,on basis of a custom field, then there is no license usage summary provided by splunk. You can use this, not 100% accurate, slow workaround

YOur base search to get debug logs | eval b=len(_raw) | timechart span=1d sum(b) as gb | eval gb=round(gb/1024/1024/1024,2)
0 Karma
Reply
Solved! Jump to solution

nswondem
Path Finder
‎05-31-2016 12:00 PM

Are you asking for a method to determine license usage for index=java? If so, this question has been answered in this thread - https://answers.splunk.com/answers/4897/how-to-determine-daily-license-usage-in-gb.html.

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Get Updates on the Splunk Community!

Tech Talk Recap | Mastering Threat Hunting

Mastering Threat HuntingDive into the world of threat hunting, exploring the key differences between ...

Observability for AI Applications: Troubleshooting Latency

If you’re working with proprietary company data, you’re probably going to have a locally hosted LLM or many ...

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In the age of AI, every tool promises to make our lives easier. From summarizing content to writing code, ...