How can I visualize daily license consumption and ...

kteng2024 · ‎08-24-2017

Can I please know how to track the license increase? For example , I have an sourcetype "access_log" which has contributed 500GB of license yesterday but today if the same sourcetype contributed 700GB, I would like to see it in visualization. Right now, I am using below query to find top contributing sourcetypes.

index="_internal" source="*metrics.log" per_sourcetype_thruput | chart sum(eval(kb/1024/1024)) AS GB by series | sort – GB

HiroshiSatoh · ‎08-24-2017

It is the amount of license usage per day, per source type.

index=_internal source=*license_usage.log* type=Usage 
|  eval gb=b/1024/1024/1024
| timechart  span=1d sum(gb) AS sourcetype_volume_GB by st

esix_splunk · ‎08-24-2017

Have you looked in the Monitoring Console on your license master for this? You can find historical averages and usage for these. See the documentation here : http://docs.splunk.com/Documentation/Splunk/6.6.3/DMC/DMCoverview

How can I visualize daily license consumption and increase?

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Event Series: Telemetry Pipeline Management

Kick the Tires Before You Commit: A Hands-On Tour of the Splunk Observability Cloud ...

Deep insights, no barriers: Splunk Observability Cloud Free Edition

Join the Conversation