Monitoring Splunk
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Splunk License Usage by Index or Host or Sourcetype

anandhalagaras1
Communicator
‎04-17-2023 05:21 AM

Hi Team,

I need some help to pull the top 10 index utilization (on an average of last 7 days) in a dashboard representation which should not include internal indexes and it should be in GB so kindly help out with the search query.

And also similarly I need the Splunk License Usage by Host and Sourcetype in a Dashboard view (Last 7 days average data) in GB.

 

So kindly help out on the same.

Labels (2)
0 Karma
Reply

woodcock
Esteemed Legend
‎04-17-2023 08:11 AM

Go to the "Cloud Monitoring Console" app, click on the "Indexing" menu, the "License Usage" submenu and poke around.  When you find a panel that you like, click the Magnifying Glass icon to "Open in Search" and copy that search.

0 Karma
Reply

PickleRick
SplunkTrust
SplunkTrust
‎04-17-2023 05:47 AM

Go to Settings -> Licensing, Click "usage report", "Previous 60 days". Click the little magnifying glass under the graph to open in search. Adjust the search to your needs.

BTW, indernal indexes do not consume license so your requirement for _not_ including them is not necessary.

0 Karma
Reply

anandhalagaras1
Communicator
‎04-17-2023 06:59 AM

@PickleRick ,

Our Splunk is hosted in Cloud (AWS) and managed by Support. So when I logged into the Search Head and navigate to Settings-->Licensing I could see two options.

 

Licensing --> Switch to Local Manager option.

Local Server Information 

Indexer Name

Manager Server URI

Last successful contact time

Messages 

 

And there is no option as Usage Reports so kindly let me know how to pull it.

0 Karma
Reply

PickleRick
SplunkTrust
SplunkTrust
‎04-17-2023 08:04 AM

In Splunk Cloud you should have licensing report(s) available in Cloud Monitoring Console. I'm not on the cloud right now so I'm not able to tell you exactly where it is, but it's there.

0 Karma
Reply
Get Updates on the Splunk Community!

Extending Observability Content to Splunk Cloud

Watch Now!   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...

New in Observability Cloud - Explicit Bucket Histograms

Splunk introduces native support for histograms as a metric data type within Observability Cloud with Explicit ...