Installation

How to get curl command to check license expiration time?

paraic
New Member

Hi
I am new to Splunk and have a few Dev-Test instances running with the 6 month expiry. I would like to check the expiry using Nagios. All I really need is a curl command to search Splunk for the expiration_time field under licenses and I can let Nagios do the rest.
Any guidance on where to start?

thnx
Paraic

Labels (1)
0 Karma
1 Solution

richgalloway
SplunkTrust
SplunkTrust

Why use Nagios to monitor Splunk when Splunk can monitor itself? The following search will show your licenses and expiration dates. If you have a separate license master, run the search there.

| rest /services/licenser/licenses | table label expiration_time | fieldformat expiration_time=strftime(expiration_time,"%Y-%m-%d %H:%M:%S")

To show only the licenses about to expire, modify the search a little.

| rest /services/licenser/licenses | where expiration_time<relative_time(now(),"+6mon") | table label expiration_time | fieldformat expiration_time=strftime(expiration_time,"%Y-%m-%d %H:%M:%S")

Save this as a scheduled search to run every day and trigger an alert if the number of results is not zero.

If you really want to use curl, try something like this. The response will contain everything you'd want to know about all of your licenses. It'll be up to you to parse it out.

curl -k -u admin:changeme https://localhost:8089//services/licenser/licenses
---
If this reply helps you, Karma would be appreciated.

View solution in original post

0 Karma

richgalloway
SplunkTrust
SplunkTrust

Why use Nagios to monitor Splunk when Splunk can monitor itself? The following search will show your licenses and expiration dates. If you have a separate license master, run the search there.

| rest /services/licenser/licenses | table label expiration_time | fieldformat expiration_time=strftime(expiration_time,"%Y-%m-%d %H:%M:%S")

To show only the licenses about to expire, modify the search a little.

| rest /services/licenser/licenses | where expiration_time<relative_time(now(),"+6mon") | table label expiration_time | fieldformat expiration_time=strftime(expiration_time,"%Y-%m-%d %H:%M:%S")

Save this as a scheduled search to run every day and trigger an alert if the number of results is not zero.

If you really want to use curl, try something like this. The response will contain everything you'd want to know about all of your licenses. It'll be up to you to parse it out.

curl -k -u admin:changeme https://localhost:8089//services/licenser/licenses
---
If this reply helps you, Karma would be appreciated.
0 Karma

paraic
New Member

OK, figured it out.
I was using http instead of https. Our main Search head uses http but the mPort uses https.
got the XML file which I can parse now.

0 Karma

paraic
New Member

I'm getting a 404 on that URL.
I would rather not use Splunk as we funnel everything through Nagios and we have solid processes for managing all alerts.

0 Karma

paraic
New Member

figured out the 404 - I was pointing at the main URL, not the mPort. Tried again on the mPort and got:
curl: (56) Recv failure: Connection reset by peer
Do I need to enable something in Splunk to use that port?

0 Karma

koshyk
Super Champion

hi,
Yes its possible. Something like below. Ensure you are running against the "License manager"

curl -k -u admin:changeme https://<host>:<mPort>/services/licenser/licenses

REST command in Splunk which you can filter more granular

| rest /services/licenser/licenses splunk_server=<license_master>| table group_id,type,quota,license_hash,status,expiration_time
Get Updates on the Splunk Community!

Stay Connected: Your Guide to July and August Tech Talks, Office Hours, and Webinars!

Dive into our sizzling summer lineup for July and August Community Office Hours and Tech Talks. Scroll down to ...

Edge Processor Scaling, Energy & Manufacturing Use Cases, and More New Articles on ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Get More Out of Your Security Practice With a SIEM

Get More Out of Your Security Practice With a SIEMWednesday, July 31, 2024  |  11AM PT / 2PM ETREGISTER ...