Installation

how to get the license usage of other hosts which do not match a pattern?

kiran_mh
Explorer

Hi,

We have the following query:

index =_internal source =*license_usage.log type ="Usage" | eval Team =case(h like "%-ec2%" OR h like "%-usnw%" OR h like "%-usw%" OR h like "IP-%" OR h like "%-EU%" OR h like "%-SYD%" OR h like "%-BR%" OR h like "%-AP%" OR h like "%-JP%" OR h like "%-load%" OR h like "ens-%", "AWS", h like "%-IAD" OR h like "%-FRA" OR h like "%-LAS" OR h like "%-AMS" OR h like "%-STAGE", "COLO" , h like "STORAGE-BIGDATA-%" OR h like "SF-AZUZE-%" OR h like "STORAGE-USE-%" OR h like "STORAGE-USNC-%" OR h like "STORAGE-APE-%" OR h like "STORAGE-EUN-%", "AZURE") | eval GB=(b/(1024*1024*1024)) | stats sum(GB) by Team | rename sum(GB) as License_Usage_GB | sort -License_Usage_GB

which gives us the license usage of hosts in a particular team,

we want to get the license usage of other hosts which do not match the given patterns above.

Thanks in advance.........

Tags (1)
0 Karma

inventsekar
SplunkTrust
SplunkTrust

On the eval case statement, we can add a default match for all others as 1=1, "other_teams"

index =internal source =*license_usage.log type ="Usage" | eval Team =case(h like "%-ec2%" OR h like "%-usnw%" OR h like "%-usw%" OR h like "IP-%" OR h like "%-EU%" OR h like "%-SYD%" OR h like "%-BR%" OR h like "%-AP%" OR h like "%-JP%" OR h like "%-load%" OR h like "ens-%", "AWS", h like "%-IAD" OR h like "%-FRA" OR h like "%-LAS" OR h like "%-AMS" OR h like "%-STAGE", "COLO" , h like "STORAGE-BIGDATA-%" OR h like "SF-AZUZE-%" OR h like "STORAGE-USE-%" OR h like "STORAGE-USNC-%" OR h like "STORAGE-APE-%" OR h like "STORAGE-EUN-%", "AZURE",1=1, "othe teams") | eval GB=(b/(1024*1024*1024)) | stats sum(GB) by Team | rename sum(GB) as License_Usage_GB | sort -License_Usage_GB

0 Karma

JDukeSplunk
Builder

I think that a 1=1, "Other" would work for you.

"STORAGE-EUN-%", "AZURE", h 1=1, "Other") | eval GB=

Or maybe

|search NOT Team=*
0 Karma
Get Updates on the Splunk Community!

Stay Connected: Your Guide to November Tech Talks, Office Hours, and Webinars!

🍂 Fall into November with a fresh lineup of Community Office Hours, Tech Talks, and Webinars we’ve ...

Transform your security operations with Splunk Enterprise Security

Hi Splunk Community, Splunk Platform has set a great foundation for your security operations. With the ...

Splunk Admins and App Developers | Earn a $35 gift card!

Splunk, in collaboration with ESG (Enterprise Strategy Group) by TechTarget, is excited to announce a ...