Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to find last 3 months data usage and what logs are genarated

anil1432
Explorer
‎11-09-2021 11:59 PM

Hello everyone,

I have started using splunk enterprise from July ,

I have created hosts and forwarders for it , I think forwarders may not use data license ?, please give clarity on this.

 

 but we didn't use it for still now and any logs also , but we can see that data license usage is very high  month to month August month 1.1m-->September--> 1.9m ---> October--> 2.8M . And why that's

 happening please let me know , any process for this one , please provide some information , and how to check that one and how to find  who are using  that , 

 

Thanks

Labels (1)
Labels
0 Karma
Reply

isoutamo
SplunkTrust
SplunkTrust
‎11-10-2021 01:15 AM

Hi

In technical way of thinking UF don't use license, BUT when it sends those events to Splunk Enterprise indexer host then indexer use license based on event amount and sizes which it receive from UFs + other ways. You could reduce event amount and content of events before indexing if there is something which you are not needed. Other option is not getting those from source node (UF).

What nodes, source types etc are using license? You can see that from your MC (Monitoring console). Where this is is based n your deployment. If you have single node (SH + IDX on the same box) then just go to Settings -> MC -> Indexing -> Lincensing to directly Settings -> Licensing. There are couple of dashboards which shows that information. If you have distributed environment (separate SH and IDX layer) then you should have separate MC node or CM which has this role. Then just use on that node Settings -> MC -> Indexing -> License. In distributed environment this needs that you set first your MC to distributed mode and all nodes are using the same LM (license master).

r. Ismo

0 Karma
Reply
Get Updates on the Splunk Community!

Announcing Scheduled Export GA for Dashboard Studio

We're excited to announce the general availability of Scheduled Export for Dashboard Studio. Starting in ...

Extending Observability Content to Splunk Cloud

Watch Now!   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...