Solved: How to find metrics on license usage for my Cisco ...

hartfoml · ‎08-14-2014

I want to find the license usage for my Cisco sourcetype. I found this on splunk answers

http://answers.splunk.com/answers/2180/license-usage-by-sourcetype

Thanks much for the help @Lowell

Unfortunately when I use this search: ...index=_internal sourcetype=splunkd source=*metrics* "group=per_sourcetype_thruput" series="cisco_syslog"...
I see very few events, 12 for the last 30 days??? If I add | stats sum(kb) I get 241 Kb for 30 days or ~8 Kb per day. Somehow this dose not sound right???

When I do ...sourcetype="cisco_syslog" | stats count... I get 201,686 event for just 7 days.

How can I make sure Splunk is capturing the right metrics for this sourcetype???

martin_mueller · ‎08-14-2014

Give this a shot:

index=_internal source=*license_usage.log st="cisco_syslog"

Back when the linked question was answered that log didn't even exist yet...

View solution in original post

martin_mueller · ‎08-14-2014

Give this a shot:

index=_internal source=*license_usage.log st="cisco_syslog"

Back when the linked question was answered that log didn't even exist yet...

hartfoml · ‎08-14-2014

Thanks Martin

That did the trick

How to find metrics on license usage for my Cisco sourcetype?

Introducing the 2024 SplunkTrust!

Introducing the 2024 Splunk MVPs!

Splunk Custom Visualizations App End of Life