Installation

Determination of license usage

Gayathirik
Path Finder

How to determine max license usage of various indexers in GB for past 30 days also how to convert the KB to GB?

Tags (1)
0 Karma

dbourg_splunk
Splunk Employee
Splunk Employee

@richgalloway has the best answer to this (DMC). The answer from @dbcase is correct if you want to see your total license usage, but it is not split by indexer. Is there something in particular you are trying to determine at the indexer level?

0 Karma

dbcase
Motivator

Here is the query I use

index=_internal source="*license_usage.log" type=RolloverSummary | timechart span=1d sum(b) AS DailyVolume | eval DailyVolume=round(DailyVolume/1024/1024/1024,2) | eval License="5"|rename DailyVolume as "Daily Usage"

Change the eval License="5" to whatever your license number is

0 Karma

richgalloway
SplunkTrust
SplunkTrust

The Distributed Management Console (DMC) will show license usage by index for the last 30 days. Click Settings->Distributed Management Console then click Indexing->License Usage->License Usage - Past 30 days. Select "By Indexer" from the Split By drop-down.
Convert KB to GB by dividing by 1024.

---
If this reply helps you, Karma would be appreciated.

Gayathirik
Path Finder

I need to check on the license utilization of different indexers which are in bytes and to convert it to GB for the past 30 days.

If you can provide me with the query then it would help!!!

0 Karma

richgalloway
SplunkTrust
SplunkTrust

I still say the DMC is the better approach, but this query may also help.

index=_internal source=*license* | stats sum(b) as Bytes by splunk_server | eval GB=Bytes/1024/1024/1024 | table splunk_server GB
---
If this reply helps you, Karma would be appreciated.
0 Karma

dbourg_splunk
Splunk Employee
Splunk Employee

Also be aware that there are different types of events in the license_usage.log. RolloverSummary is the one you want to use to determine overall volume.

0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In September, the Splunk Threat Research Team had two releases of new security content via the Enterprise ...

New in Observability - Improvements to Custom Metrics SLOs, Log Observer Connect & ...

The latest enhancements to the Splunk observability portfolio deliver improved SLO management accuracy, better ...

Improve Data Pipelines Using Splunk Data Management

  Register Now   This Tech Talk will explore the pipeline management offerings Edge Processor and Ingest ...