Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

License source not up to date

jgauthier
Contributor
‎09-12-2012 08:17 AM

I noticed today that my license audit source is not up to date:

index=_internal source=*license_audit.log

This does not have any data since 09/08/2012... but I have on idea why.

Any ideas for me?

Tags (1)
0 Karma
Reply

MHibbin
Influencer
‎09-12-2012 08:24 AM

Hi there,

I would take this as good news, as the license_audit.log file is used for tracking license violations (i.e. when you go over the limit).

I think you are looking for license_usage.log, this tracks your general usage.

Please see the following docs for reference...

http://docs.splunk.com/Documentation/Splunk/latest/Troubleshooting/WhatSplunklogsaboutitself

Regards,

MHibbin

0 Karma
Reply

MHibbin
Influencer
‎09-12-2012 09:13 AM

Try including your search query in backticks (e.g. "`").

Which version of Splunk are you using? Have undergone an upgrade... The following provides differences between versions of SPlunk and checking license usage etc.
http://wiki.splunk.com/Community:TroubleshootingIndexedDataVolume

0 Karma
Reply

jgauthier
Contributor
‎09-12-2012 08:54 AM

Bah, that has an asterisk before license_audit.log that the web form has removed on my behalf.

0 Karma
Reply

jgauthier
Contributor
‎09-12-2012 08:53 AM

This query:
index=_internal todaysBytesIndexed LicenseManager-Audit source=*license_audit.log | eval Daily_Indexing_Volume_in_MBs = todaysBytesIndexed/1024/1024 | bucket _time span=1d | stats avg(Daily_Indexing_Volume_in_MBs) AS UsageMB first(licenseSize) AS LicenseSize by _time host | eval UsagePercent=UsageMB/(LicenseSize/1024/1024)*100 | eval UsagePercent=round(UsagePercent, 2) | table _time host LicenseSize UsageMB UsagePercent

Which I have used for over a year no longer works.
And no, I'm not over my licensing... and I haven't been.. .but this query always worked.

0 Karma
Reply
Get Updates on the Splunk Community!

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

If you’ve ever deployed a new database cluster, spun up a caching layer, or added a load balancer, you know it ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Financial fraud isn't slowing down. If anything, it's getting more sophisticated. Account takeovers, credit ...

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

 Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...