- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
mintughosh
Path Finder
04-28-2017
12:27 AM
I have wrote a query to find out the license usage by host. But I need to find out the top 10 hosts or indexes in terms of license usage. I have written the following query.
index=_internal source="*license_usage.log" | stats sum(b) as bytes by h | eval MB = round(bytes/1024/1024,1) | rename h as "HOSTNAME" | fields - bytes | rename MB as "License Consumption (MB)"
The above query gives me license usage of all the hosts. I need to find top 10 hosts or indexes.
1 Solution
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
dineshraj9
Builder
04-28-2017
12:34 AM
Sort by consumption and use the top 10 values -
index=_internal source="*license_usage.log" | stats sum(b) as bytes by h | eval MB = round(bytes/1024/1024,1) | rename h as "HOSTNAME" | fields - bytes | rename MB as "License Consumption (MB)" | sort 10 - "License Consumption (MB)"
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
mwong
Splunk Employee
04-28-2017
02:20 AM
You can also use "top" command to show the most usage host. Please refer to our below documentation.
https://docs.splunk.com/Documentation/Splunk/6.5.3/SearchReference/Top
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
dineshraj9
Builder
04-28-2017
12:34 AM
Sort by consumption and use the top 10 values -
index=_internal source="*license_usage.log" | stats sum(b) as bytes by h | eval MB = round(bytes/1024/1024,1) | rename h as "HOSTNAME" | fields - bytes | rename MB as "License Consumption (MB)" | sort 10 - "License Consumption (MB)"
