Installation

How to get curl command to check license expiration time?

paraic
New Member

Hi
I am new to Splunk and have a few Dev-Test instances running with the 6 month expiry. I would like to check the expiry using Nagios. All I really need is a curl command to search Splunk for the expiration_time field under licenses and I can let Nagios do the rest.
Any guidance on where to start?

thnx
Paraic

Labels (1)
0 Karma
1 Solution

richgalloway
SplunkTrust
SplunkTrust

Why use Nagios to monitor Splunk when Splunk can monitor itself? The following search will show your licenses and expiration dates. If you have a separate license master, run the search there.

| rest /services/licenser/licenses | table label expiration_time | fieldformat expiration_time=strftime(expiration_time,"%Y-%m-%d %H:%M:%S")

To show only the licenses about to expire, modify the search a little.

| rest /services/licenser/licenses | where expiration_time<relative_time(now(),"+6mon") | table label expiration_time | fieldformat expiration_time=strftime(expiration_time,"%Y-%m-%d %H:%M:%S")

Save this as a scheduled search to run every day and trigger an alert if the number of results is not zero.

If you really want to use curl, try something like this. The response will contain everything you'd want to know about all of your licenses. It'll be up to you to parse it out.

curl -k -u admin:changeme https://localhost:8089//services/licenser/licenses
---
If this reply helps you, Karma would be appreciated.

View solution in original post

0 Karma

richgalloway
SplunkTrust
SplunkTrust

Why use Nagios to monitor Splunk when Splunk can monitor itself? The following search will show your licenses and expiration dates. If you have a separate license master, run the search there.

| rest /services/licenser/licenses | table label expiration_time | fieldformat expiration_time=strftime(expiration_time,"%Y-%m-%d %H:%M:%S")

To show only the licenses about to expire, modify the search a little.

| rest /services/licenser/licenses | where expiration_time<relative_time(now(),"+6mon") | table label expiration_time | fieldformat expiration_time=strftime(expiration_time,"%Y-%m-%d %H:%M:%S")

Save this as a scheduled search to run every day and trigger an alert if the number of results is not zero.

If you really want to use curl, try something like this. The response will contain everything you'd want to know about all of your licenses. It'll be up to you to parse it out.

curl -k -u admin:changeme https://localhost:8089//services/licenser/licenses
---
If this reply helps you, Karma would be appreciated.
0 Karma

paraic
New Member

OK, figured it out.
I was using http instead of https. Our main Search head uses http but the mPort uses https.
got the XML file which I can parse now.

0 Karma

paraic
New Member

I'm getting a 404 on that URL.
I would rather not use Splunk as we funnel everything through Nagios and we have solid processes for managing all alerts.

0 Karma

paraic
New Member

figured out the 404 - I was pointing at the main URL, not the mPort. Tried again on the mPort and got:
curl: (56) Recv failure: Connection reset by peer
Do I need to enable something in Splunk to use that port?

0 Karma

koshyk
Super Champion

hi,
Yes its possible. Something like below. Ensure you are running against the "License manager"

curl -k -u admin:changeme https://<host>:<mPort>/services/licenser/licenses

REST command in Splunk which you can filter more granular

| rest /services/licenser/licenses splunk_server=<license_master>| table group_id,type,quota,license_hash,status,expiration_time
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...