All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Logging Volume by event

daniel333
Builder
‎05-31-2016 10:37 AM

All,

Is there an accurate way of measuring how much a specific event is using of my licensing?

I have 1000+ severs logging into index=java. A subset of hosts are logging in debug mode (priority=debug) I'd like to see how much licensing is being burned through.

thanks
-Daniel

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

somesoni2
Revered Legend
‎05-31-2016 01:00 PM

For getting the license usage from those hosts, use this (Splunk's native license usage log, run from your license master)

index=_internal sourcetype=splunkd source=*license_usage.log i=java (h=yourhost1 OR h=yourhost2...) | timechart span=1d sum(b) as gb | eval gb=round(gb/1024/1024/1024,2)

If you're looking for license usage per event,on basis of a custom field, then there is no license usage summary provided by splunk. You can use this, not 100% accurate, slow workaround

YOur base search to get debug logs | eval b=len(_raw) | timechart span=1d sum(b) as gb | eval gb=round(gb/1024/1024/1024,2)

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

somesoni2
Revered Legend
‎05-31-2016 01:00 PM

For getting the license usage from those hosts, use this (Splunk's native license usage log, run from your license master)

index=_internal sourcetype=splunkd source=*license_usage.log i=java (h=yourhost1 OR h=yourhost2...) | timechart span=1d sum(b) as gb | eval gb=round(gb/1024/1024/1024,2)

If you're looking for license usage per event,on basis of a custom field, then there is no license usage summary provided by splunk. You can use this, not 100% accurate, slow workaround

YOur base search to get debug logs | eval b=len(_raw) | timechart span=1d sum(b) as gb | eval gb=round(gb/1024/1024/1024,2)
0 Karma
Reply
Solved! Jump to solution

nswondem
Path Finder
‎05-31-2016 12:00 PM

Are you asking for a method to determine license usage for index=java? If so, this question has been answered in this thread - https://answers.splunk.com/answers/4897/how-to-determine-daily-license-usage-in-gb.html.

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

It’s Monday morning, and your phone is buzzing with alert escalations – your customer-facing portal is running ...

What’s New in Splunk Observability – September 2025

What's NewWe are excited to announce the latest enhancements to Splunk Observability, designed to help ITOps ...

Fun with Regular Expression - multiples of nine

Fun with Regular Expression - multiples of nineThis challenge was first posted on Slack #regex channel ...