We have had several license violations recently and I'm not certain how close we are to our 30-day limit. I'd like to know how many violations Splunk thinks I've had in the last 30 days to know how concerned I should be. I actually know that we've gone over for the past 3 days for certain due to some unusual testing that occurred, but I'm not sure if this is violation #4 in 30 days or just #3.
I looked in Manager -> License, but it shows "Warnings: 0". I don't see anything else on that page that would indicate how many I've had in 30 days. (I would really expect that this info should be on the license page).
Is there a query I can run to tell me the number of violations in the last 30 days?
I'm running Splunk 4.2.4.
Thanks
Hi,
In the Splunk log files, you should look at "license_audit.log", which can be found in "$SPLUNK_HOME/var/log/splunk/". Here you will see information regarding license violations.
So you could search on
index=_internal licensemanager
If you have access to the internal index, the fields should be extracted for you.
Regards,
Matt