Join the Conversation
- Find Answers
- :
- Apps & Add-ons
- :
- All Apps and Add-ons
- :
- All Apps and Add-ons
- :
- Splunk License Usage Reports
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I submitted a support request for this but perhaps someone can help me before they respond....
End goal -
Weekly emailed report that shows total license usage per day. I found this report under the deployment monitor that is close to what I would like "Daily Usage for Last 60 Days"
However when I view this report under Settings > "Searches, reports and Alerts" > Daily License Usage by Pool - last 60 days > Run - the date field is incorrectly displayed. Would like to attach image of this but I guess I need more karma...
The day field just has the numbers... 1418968800, 1419055200 etc... assuming it is a formatting issue??
Deployment monitor v 5.0.4
Splunk V 6.2.0
Thanks!
John
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Time is in epoch. use strftime command with %m-%d-%y %H:%M:%S as argument.
Example: Let's say the field xyz has the values 1418968800, 1419055200 etc..
use ....|eval Time = strftime(xyz,"%m-%d-%y %H:%M:%S"). Also, with 6 and above versions of Splunk, you have the license monitor embedded which should give you searches to tweak as per your needs.
Hope this helps.
Thanks,Raghav
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Time is in epoch. use strftime command with %m-%d-%y %H:%M:%S as argument.
Example: Let's say the field xyz has the values 1418968800, 1419055200 etc..
use ....|eval Time = strftime(xyz,"%m-%d-%y %H:%M:%S"). Also, with 6 and above versions of Splunk, you have the license monitor embedded which should give you searches to tweak as per your needs.
Hope this helps.
Thanks,Raghav
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
This didn't work exactly but it pointed me in the right direction. Thanks!
Used |fieldformat day = strftime(day, "%b %d, %Y")
dm_license_summary_10m_by_pool | bucket _time as day span=d | eval gb=mb/1024 | stats sum(gb) as gb by pool, day | eval gb=round(gb,2) | fieldformat day = strftime(day, "%b %d, %Y")
Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!
Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.
Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas
What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)
Automating Threat Operations and Threat Hunting with Recorded Future
