- Splunk Answers
- :
- Splunk Administration
- :
- Installation
- :
- How to calculate the usage per day for a trial lic...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
How to calculate the usage per day for a trial license?
I am trying to calculate the license usage per day with the following query
index=_internal source="*license_usage.*" earliest=@d
| eval MB=round(b/1024/1024,1)
| eval License_Percent_Usage=round(MB/500 * 100,1)
| TABLE MB License_Percent_Usage date_mday host
This is for trial license so we have 500 MB limit. The result shows me:
that my license usage volume MB is 29000.1 while in Manager/Licensing i see the volume as 3019 Mb. How do I get that exact volume?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Here, try this to get licence usage and % usage for today
index=_internal source=license_usage.log type="RolloverSummary" earliest=@d | bin _time span=1d | stats latest(b) AS b latest(stacksz) AS stacksz by slave, pool, _time | stats sum(b) AS volumeB max(stacksz) AS stacksz by _time | eval pctused=round(volumeB/stacksz*100,2)
change earliest=@d to earliest=-30d@d to check for last 30 days and so on.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
index=_internal source="*license_usage.log" type=RolloverSummary | timechart span=1d sum(b) AS DailyVolume | eval DailyVolume=round(DailyVolume/1024/1024/1024,2) | eval License="5"
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The license usage of splunk 5.0 is compatible with 4.3, not 4.2. The search to check license usage will be following. Could you try it? I think your search result may be including summary indexed data volume.
index=_internal source=*license_usage.log type=Usage | eval GB=b/1024/1024/1024 | timechart span=1d sum(GB) by pool
The following site is also helpful. Please take loot at it.
http://wiki.splunk.com/Community:TroubleshootingIndexedDataVolume
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I found that wiki reference and link v useful, thanks for posting it Takajian.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
splunk 5.0
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The way that this is logged has changed dramatically across Splunk versions. What version are you running?
Routing logs with Splunk OTel Collector for Kubernetes
Welcome to the Splunk Community!
Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM
