Re: Help with licensing report

a212830 · ‎10-18-2016

Hi,

We decided to centralize all of our Splunk licensing, and my group is now responsible for it (yay, us?). So, we now have one huge license pool, and I need to create some reports for different groups. I need to break down the usage by groups of indexers. How would I do that? Is there any way to assign each group a value, and then report on when they have either gone over it, or even approaching 80% of it?

jdonn_splunk · ‎10-19-2016

Hi a212830,

Burch is right, this exact feature is built into the Chargeback App. Feel free to reach out to me if you want a walk through, my contact info is in the readme.

Jim

a212830 · ‎10-21-2016

Hi Jim,

I don't see a way to associate license servers with a group. Am I missing something? Feel free to contact me directly.

a212830 · ‎10-21-2016

Sorry, not license servers - slaves... indexers reporting into the license mgr.

jdonn_splunk · ‎10-21-2016

The groups are assigned to each individual index in customers.csv. Think of it as a micro-license for each individual index. You then apply the anticipated daily volume to it and you are off to the races!

If you have more than one group using the same index, make a copy of the index definition, put in the new group name, and then adjust each of their percent ownership.

Let me know how it works out.

Jim

sloshburch · ‎10-19-2016

I'm pretty sure this is all captured in the Chargeback app. Obviously, you're not talking about doing Chargeback, but there should be reports and lookups to help you manage the mapping for measuring one large pool.

gcusello · ‎10-18-2016

You can configure one or more groups of license and assign to each one a part of license and define which indexers can use each license group.
In this way and using Utilization report by Pool you can have your alerts.

index=_internal [set_local_host] source=license_usage.log type="RolloverSummary" earliest=-30d@d pool="pool1" | eval _time=_time - 43200 | bin _time span=1d | stats latest(b) AS b by slave, pool, _time | timechart span=1d sum(b) AS "volume" fixedrange=false | join type=outer _time [search index=_internal [set_local_host] source=license_usage.log type="RolloverSummary" earliest=-30d@d pool="auto_generated_pool_enterprise" | eval _time=_time - 43200 | bin _time span=1d | stats latest(poolsz) AS "dimensione del gruppo" by _time] | fields - _timediff | foreach * [eval <>=round('<>'/1024/1024/1024, 3)]

Bye.
Giuseppe

a212830 · ‎10-18-2016

Are you saying license groups? We don't want to do that - by using one large pool, we can eliminate some overages.

gcusello · ‎10-18-2016

If you don't want to use License Pool, the only way I see is to associate one or more indexes to a group and sum the license consumption of them using the License usage report.
Bye.
Giuseppe

a212830 · ‎10-18-2016

Right, so I'm looking for help on how to do that in a search, knowing that there will be multiple groups. Also, is there anyway to report on when you are approaching values exceeding a value.

sloshburch · ‎10-19-2016

"when you are approaching values exceeding a value" - like the predict command?

gcusello · ‎10-19-2016

No there's a limit (e.g. 80%) and an alert is triggered when this value is reached.
Bye.
Giuseppe

a212830 · ‎10-21-2016

Thanks. I'm looking for alerting on groups of indexers, so the total license usage doesn't really help me.

gcusello · ‎10-19-2016

Go in the Distributed Management Console App and open App alerts

http://xxx.xxx.xxx.xxx:8000/it-IT/app/splunk_management_console/alerts

see only App alerts and open in search the following alert:
"DMC Alert - Total License Usage Near Daily Quota"
this is a good starting point to reach your target.
Bye.
Giuseppe

How to create a licensing report that tracks usage rates?

indexer

license

Routing logs with Splunk OTel Collector for Kubernetes

Welcome to the Splunk Community!

Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM