Solved: Re: Splunk license usage by host or indexes top 10

mintughosh · ‎04-28-2017

I have wrote a query to find out the license usage by host. But I need to find out the top 10 hosts or indexes in terms of license usage. I have written the following query.

The above query gives me license usage of all the hosts. I need to find top 10 hosts or indexes.

dineshraj9 · ‎04-28-2017

Sort by consumption and use the top 10 values -

index=_internal source="*license_usage.log" | stats sum(b) as bytes by h | eval MB = round(bytes/1024/1024,1) | rename h as "HOSTNAME" | fields - bytes | rename MB as "License Consumption (MB)" | sort 10 - "License Consumption (MB)"

View solution in original post

mwong · ‎04-28-2017

You can also use "top" command to show the most usage host. Please refer to our below documentation.

https://docs.splunk.com/Documentation/Splunk/6.5.3/SearchReference/Top

dineshraj9 · ‎04-28-2017

Sort by consumption and use the top 10 values -

index=_internal source="*license_usage.log" | stats sum(b) as bytes by h | eval MB = round(bytes/1024/1024,1) | rename h as "HOSTNAME" | fields - bytes | rename MB as "License Consumption (MB)" | sort 10 - "License Consumption (MB)"

Splunk license usage by host or indexes top 10

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor