Solved: See count of license violations in last 30 days? - Page 2

mfrost8 · ‎12-12-2011

We have had several license violations recently and I'm not certain how close we are to our 30-day limit. I'd like to know how many violations Splunk thinks I've had in the last 30 days to know how concerned I should be. I actually know that we've gone over for the past 3 days for certain due to some unusual testing that occurred, but I'm not sure if this is violation #4 in 30 days or just #3.

I looked in Manager -> License, but it shows "Warnings: 0". I don't see anything else on that page that would indicated how many I've had in 30 days. (I would really expect that this info should be on the license page).

Is there a query I can run to tell me the number of violations in the last 30 days?

I'm running Splunk 4.2.4.

Thanks

MHibbin · ‎12-12-2011

Hi,

On in the Splunk log files, you should look at "license_audit.log", which can be found in "$SPLUNK_HOME/var/log/splunk/". Here you will see information regarding licenses violations.

So you could search on

index=_internal licensemanager

If you have access to the internal index, the fields should be extracted for you.

Regards,

Matt

View solution in original post

See count of license violations in last 30 days?

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!