Monitoring Splunk
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to find out how many license violations have occurred in the last 30 days in Splunk 6.2?

niklucky02
Explorer
‎05-16-2016 01:49 AM

I have installed Splunk 6.2 version and it shows a license violation under category 'license_window'. Is there any way we can find out how many violations have occurred in last 30 days in version 6.2?

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

phadnett_splunk
Splunk Employee
Splunk Employee
‎05-18-2016 09:00 PM

The best way to do this is to monitor the 30 day License Usage Report View (LURV) in Settings > LIcensing > Usage Report > Previous 30 Days

View solution in original post

Reply
Solved! Jump to solution
Solution

phadnett_splunk
Splunk Employee
Splunk Employee
‎05-18-2016 09:00 PM

The best way to do this is to monitor the 30 day License Usage Report View (LURV) in Settings > LIcensing > Usage Report > Previous 30 Days

Reply
Solved! Jump to solution

phadnett_splunk
Splunk Employee
Splunk Employee
‎05-21-2016 10:29 AM

@niklucky02 You could use a search like this to see each time a warning occurs for the pool. You have 5 or more warnings in a rolling 30-day period before a violation for the pool occurs.

index=_internal sourcetype=splunkd component=LMStackMgr "A warning has been recorded for all members"

Reply
Solved! Jump to solution

niklucky02
Explorer
‎05-29-2016 09:40 PM

Thanks Phadnett! The query worked but it was showing 5 violations whereas my search didn;t lock out. Anyways, I will keep this query as the message is exactly what I was looking for.

Reply
Solved! Jump to solution

niklucky02
Explorer
‎05-18-2016 10:26 PM

@phadnett: I see some variations in the number of violations messages that I see under LURV and the reason I posed this question. My question is there a pattern inside splunk logs on the license master server that would help me to see that I have violated 3 times in last 30 days or an alternate splunk query?

0 Karma
Reply
Solved! Jump to solution

niklucky02
Explorer
‎05-16-2016 09:16 PM

Violation alerts under licensing tab are not consistent and it seems to retrieve those messages using REST API. Re-framing my earlier question, is there a way to track the number of violations from the splunk logs?

0 Karma
Reply
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In November, the Splunk Threat Research Team had one release of new security content via the Enterprise ...

Index This | Divide 100 by half. What do you get?

November 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this ...

Stay Connected: Your Guide to December Tech Talks, Office Hours, and Webinars!

❄️ Celebrate the season with our December lineup of Community Office Hours, Tech Talks, and Webinars! ...