Re: Determination of license usage

Gayathirik · ‎11-16-2016

How to determine max license usage of various indexers in GB for past 30 days also how to convert the KB to GB?

dbourg_splunk · ‎11-17-2016

@richgalloway has the best answer to this (DMC). The answer from @dbcase is correct if you want to see your total license usage, but it is not split by indexer. Is there something in particular you are trying to determine at the indexer level?

dbcase · ‎11-17-2016

Here is the query I use

index=_internal source="*license_usage.log" type=RolloverSummary | timechart span=1d sum(b) AS DailyVolume | eval DailyVolume=round(DailyVolume/1024/1024/1024,2) | eval License="5"|rename DailyVolume as "Daily Usage"

Change the eval License="5" to whatever your license number is

richgalloway · ‎11-16-2016

The Distributed Management Console (DMC) will show license usage by index for the last 30 days. Click Settings->Distributed Management Console then click Indexing->License Usage->License Usage - Past 30 days. Select "By Indexer" from the Split By drop-down.
Convert KB to GB by dividing by 1024.

---
If this reply helps you, Karma would be appreciated.

Gayathirik · ‎11-17-2016

I need to check on the license utilization of different indexers which are in bytes and to convert it to GB for the past 30 days.

If you can provide me with the query then it would help!!!

richgalloway · ‎11-17-2016

I still say the DMC is the better approach, but this query may also help.

index=_internal source=*license* | stats sum(b) as Bytes by splunk_server | eval GB=Bytes/1024/1024/1024 | table splunk_server GB

---
If this reply helps you, Karma would be appreciated.

dbourg_splunk · ‎11-17-2016

Also be aware that there are different types of events in the license_usage.log. RolloverSummary is the one you want to use to determine overall volume.

Determination of license usage

Adoption of RUM and APM at Splunk

Routing logs with Splunk OTel Collector for Kubernetes

Welcome to the Splunk Community!