Deployment Architecture
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Volume used

itionet
New Member
‎09-21-2015 12:51 AM

Hi Everyone. I recently installed the free version of Splunk. I have configured it to read data from only one data source, Netflow from a single router. Over the last 5 days, only 7MB of Netflow data has been collected. However, the volume used in the licensing is showing that I have used 3GB so far today. Can anyone shed some light as to why this is possibly happening?

Thanks,
Matt

Tags (1)
0 Karma
Reply

somesoni2
Revered Legend
‎09-21-2015 12:52 PM

Run following query and you can check the license usage by index. Based on this you can get to know where your license capacity is utilized.

index=_internal source=*license_usage.log sourcetype=splunkd | timechart span=1d sum(b) as bytes by idx limit=0| eval MB=round(bytes/1024/1024/1024,3)

Other variation your can try is using the sourcetype

index=_internal source=*license_usage.log sourcetype=splunkd | timechart span=1d sum(b) as bytes by st limit=0| eval MB=round(bytes/1024/1024/1024,3)
Reply
Get Updates on the Splunk Community!

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

It’s Monday morning, and your phone is buzzing with alert escalations – your customer-facing portal is running ...

What’s New in Splunk Observability – September 2025

What's NewWe are excited to announce the latest enhancements to Splunk Observability, designed to help ITOps ...

Fun with Regular Expression - multiples of nine

Fun with Regular Expression - multiples of nineThis challenge was first posted on Slack #regex channel ...