All Apps and Add-ons
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Please recommend a best app for License monitoring

kavyadekkata
Explorer
‎09-07-2020 09:23 PM

hi Guys,

I'm looking a better app than Meta Woot for the following reasons

-> To track our licenses per index/sourcetype/host/source.
-> To graph over a period of 1 month, quarter, 6 months and one year 

Could anyone please suggest anything that you are using

Regards
Kavya

 

Labels (3)
0 Karma
Reply

thambisetty
SplunkTrust
SplunkTrust
‎09-07-2020 10:14 PM

Monitoring console is best app which comes with Splunk Enterprise or Splunk cloud to track down license based on source, sourcetype and index. unfortunately sometimes when UF/HF is receiving more events than expected then UF/HF can't update metrics this will reduce visibility on how much data is indexed by source/sourcetype/host. 

by default,  frozenTimePeriodInSecs = 2592000  (which is retention of an index) is  set to _internal index. 

You may need to increase frozenTimePeriodInSecs  value to one year to track your license by source/sourcetype/host.

————————————
If this helps, give a like below.
Reply

kavyadekkata
Explorer
‎09-07-2020 10:29 PM

thank you @thambisetty, but the problem is Monitoring console is that we cannot see License usage more than past 30 days. we are looking to get insights over 1 year
 

kavyadekkata_0-1599542915668.png

 

0 Karma
Reply

thambisetty
SplunkTrust
SplunkTrust
‎09-07-2020 11:05 PM

@kavyadekkata ,

please see the point in my previous answer as below:

by default,  frozenTimePeriodInSecs = 2592000  (which is retention of an index) is  set to _internal index. 

You may need to increase frozenTimePeriodInSecs  value to one year to track your license by source/sourcetype/host.

There is an option to see license usage per day using index=_telemetry this may give you almost since you have installed Splunk but it doesn't split by source/sourcetype/host.

index=_telemetry component=LicenseUsageSummary host="yourlicensemaster"
|eval GB=round((((b / 1024) / 1024) / 1024),3)
| timechart sum(GB) span=1d

Note: don't consider today events when using the above query.  you need to read the results like below:

for example look at below screenshot shows daily license consumption.

license.png

2020-09-01 is the license consumption of 31st of Aug. in the same way 2020-09-02 is the license consumption of 1st of September. this is because Splunk generates yesterday's licenseusagesummary today.

————————————
If this helps, give a like below.
Reply

isoutamo
SplunkTrust
SplunkTrust
‎09-07-2020 10:52 PM
Basically you could open those queries and create your own dashboards with them. Then just update those time periods which you want. But this is not very efficient. You must at least use summary indexes or other method to speed up those queries.
In fortunately I cannot propose any apps for that as this one month + some own reports have been sufficient for us to reports and forecast license usage.
r. Ismo
Reply
Get Updates on the Splunk Community!

Upcoming Webinar: Unmasking Insider Threats with Slunk Enterprise Security’s UEBA

Join us on Wed, Dec 10. at 10AM PST / 1PM EST for a live webinar and demo with Splunk experts! Discover how ...

.conf25 technical session recap of Observability for Gen AI: Monitoring LLM ...

If you’re unfamiliar, .conf is Splunk’s premier event where the Splunk community, customers, partners, and ...

A Season of Skills: New Splunk Courses to Light Up Your Learning Journey

There’s something special about this time of year—maybe it’s the glow of the holidays, maybe it’s the ...