I have a request to determine the average license usage per host, for a few selected indexes, on a daily basis. Is there a way to do this?
Hi,
Use below query to find per day license for every host which is sending to INDEX_A
or INDEX_B
index=_internal host=LICENSE_SERVER source=*license_usage.log* (idx=INDEX_A OR idx=INDEX_B) | bin span=1d _time | stats sum(b) as bytes by h | eval GB=((bytes/1024)/1024)/1024
Thanks. Should have been more specific, in addition to the host detailed info, a summary that shows the final average across all of them.
Do you mean average of all hosts license usage then try below query
index=_internal host=LICENSE_SERVER source=*license_usage.log* (idx=INDEX_A OR idx=INDEX_B) | bin span=1d _time | stats sum(b) as bytes by h | eventstats avg(bytes) as avg_bytes
EDIT: Updated query.
I want to calculate how much the average endpoint sends for these paticular indexes.
Based on the questions you've asked, I think you've got the answer here already.
In the license_usage.log
the h
is the host and idx
is the indexes. So you're just doing stats sum(b) by h, idx
.