Archive

Volume used

New Member

Hi Everyone. I recently installed the free version of Splunk. I have configured it to read data from only one data source, Netflow from a single router. Over the last 5 days, only 7MB of Netflow data has been collected. However, the volume used in the licensing is showing that I have used 3GB so far today. Can anyone shed some light as to why this is possibly happening?

Thanks,
Matt

Tags (1)
0 Karma

SplunkTrust
SplunkTrust

Run following query and you can check the license usage by index. Based on this you can get to know where your license capacity is utilized.

index=_internal source=*license_usage.log sourcetype=splunkd | timechart span=1d sum(b) as bytes by idx limit=0| eval MB=round(bytes/1024/1024/1024,3)

Other variation your can try is using the sourcetype

index=_internal source=*license_usage.log sourcetype=splunkd | timechart span=1d sum(b) as bytes by st limit=0| eval MB=round(bytes/1024/1024/1024,3)