Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to get licensing of indexes per indexing server?

MikeBertelsen
Communicator
‎03-21-2018 12:29 PM

I have two reports that I would like to combine so that for a specific group of indexers I can get the list of indexes and how much licensing is impacted by indexer and licensing impact for each of the indexes on that indexer.
This first one gives me licensing impact by indexer where the indexer is as a whole is at least one gig of licensing:

index=_internal source=*license_usage.log type="RolloverSummary" earliest=-30d@d pool=* 
| eval _time=_time - 43200 | bin _time span=1d | stats latest(b) AS b by slave, pool, _time 
| eval gb = round(b/1024/1024/1024,2)  
| join type=left slave        [
     | rest count=0 /services/licenser/slaves        
     | rename label as slave_name       
     | rename title as slave        
     | table slave_name slave]  
| search gb!=0  | timechart span=1d sum(gb) AS "volume" fixedrange=false by slave_name

This next one gives me a list of indexes and what the impact to licensing is:

index=_internal source=*license_usage.log type=Usage |  eval totalMB = b/1024/1024  | eval totalGB = totalMB /1024 | rename idx as index | timechart span=1d limit=20 sum(totalGB) by index
0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Platform | Upgrading your Splunk Deployment to Python 3.9

Splunk initially announced the removal of Python 2 during the release of Splunk Enterprise 8.0.0, aiming to ...

From Product Design to User Insights: Boosting App Developer Identity on Splunkbase

co-authored by Yiyun Zhu & Dan Hosaka Engaging with the Community at .conf24 At .conf24, we revitalized the ...

Detect and Resolve Issues in a Kubernetes Environment

We’ve gone through common problems one can encounter in a Kubernetes environment, their impacts, and the ...