Installation
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

License usage: What is the difference in total usage when using "split by" and "no split"?

alexanderl
Engager
‎02-21-2022 06:21 AM

I just noticed a difference in license usage when looking  at 30 days license usage.

With "no split" I am within license limit by 60GB or so, but with "split by" for example by index, I am way over our license limit?

It differs like 90GB or so in total between "no split" and "split by"?

No warnings are shown about license usage, so I think that "no split" shows the correct summary.

Anybody has a clue as to why?

Labels (1)
Labels
Reply

anel
Explorer
‎11-23-2022 11:39 PM

We have an Index Cluster with two servers and have the same issue in the monitoring console. 

The "/opt/splunk/var/log/splunk/license_usage.log" is synced between both indexers. It counts the bytes twice , so we always see double the usage size when split by index. 

Now, instead, we use the Usage Report on the license master (en-GB/manager/search/licenseusage) where it works. 

Try to find a rare byte value in your logs from the search below. You should see the log coming in from all your Splunk Servers.

 

`dmc_set_index_internal` source=*license_usage.log* type="Usage"

 

Enter the rare byte value.

 

`dmc_set_index_internal` source=*license_usage.log* type="Usage" <Rare Byte Value>

 

 

0 Karma
Reply

PickleRick
SplunkTrust
SplunkTrust
‎11-24-2022 01:50 AM

Firstly, creating a new thread with your situation description (possibly pointing to an old thread for reference) might be beneficial for your question visibility.

Secondly, why would you sync a log file between indexers???

0 Karma
Reply

anel
Explorer
‎11-24-2022 02:26 AM

Hi, 

1. It is a response to the question above. 

2. Maybe we have a configuration issue then, and @alexanderl might has the same. But that is not exactly the point. I just wanted to add some help on the discussion to "Anybody has a clue as to why?". In our case this is the problem.`dmc_licensing_usage_all()' just adds up those number and returns double the actual license usage. 

anel_0-1669285444959.png

 

 

 
 
0 Karma
Reply

PickleRick
SplunkTrust
SplunkTrust
‎11-24-2022 02:29 AM

OK. I interpreted it a bit like "we have similar issue, help us" 🙂 No worries.

0 Karma
Reply

isoutamo
SplunkTrust
SplunkTrust
‎02-22-2022 01:51 AM
I just checked this on two environment single node and distributed with separate LM and I didn't notice this kind of difference. Both ways shows the same result.
r. Ismo
0 Karma
Reply
Get Updates on the Splunk Community!

Announcing Scheduled Export GA for Dashboard Studio

We're excited to announce the general availability of Scheduled Export for Dashboard Studio. Starting in ...

Extending Observability Content to Splunk Cloud

Watch Now!   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...