Installation

How to remotely monitor Splunk license violations and warnings?

rubeniturrieta
Communicator

I to everyone, i have a question for you:

I need to remotely monitor license violations and warnings with external tools. Do you know how to do something like this?

Any help is welcome.

Regards

Labels (1)
0 Karma
1 Solution

stephane_cyrill
Builder

Hi rubeniturrieta,
1- If you are using splunk 6.2..in SETTINGS >DEPLOYMENT MONITORING CONSOLE, if your deployment in well configure,you have varieties of monitoring dashbords there that shows you almost everything.

2- you can set up an alert base on the quota indexed volume for on or many host, So that if there reach somthing like 80% of license volume,the alert should be triggered. You can even send a warning email when the alert start.

3- Let me add this:
in your deployment you can make use of license pool,for example, if you have many units, you allocate a sub license pool per unit. doing so, if a unit exceed thier quota or violate thier license, they will be stop and they will no consume other units license.

docs.splunk.com/Documentation/Splunk/6.2.2/Admin/Platformalerts

View solution in original post

scherbanepam
New Member

It is also possible to use REST for remotely watch the data

0 Karma

stephane_cyrill
Builder

Hi rubeniturrieta,
1- If you are using splunk 6.2..in SETTINGS >DEPLOYMENT MONITORING CONSOLE, if your deployment in well configure,you have varieties of monitoring dashbords there that shows you almost everything.

2- you can set up an alert base on the quota indexed volume for on or many host, So that if there reach somthing like 80% of license volume,the alert should be triggered. You can even send a warning email when the alert start.

3- Let me add this:
in your deployment you can make use of license pool,for example, if you have many units, you allocate a sub license pool per unit. doing so, if a unit exceed thier quota or violate thier license, they will be stop and they will no consume other units license.

docs.splunk.com/Documentation/Splunk/6.2.2/Admin/Platformalerts

rubeniturrieta
Communicator

It worked!, thanks you!

0 Karma
Get Updates on the Splunk Community!

.conf24 | Day 0

Hello Splunk Community! My name is Chris, and I'm based in Canberra, Australia's capital, and I travelled for ...

Enhance Security Visibility with Splunk Enterprise Security 7.1 through Threat ...

(view in My Videos)Struggling with alert fatigue, lack of context, and prioritization around security ...

Troubleshooting the OpenTelemetry Collector

  In this tech talk, you’ll learn how to troubleshoot the OpenTelemetry collector - from checking the ...