Is there a way to get a report on license usage fo...

chanmic · ‎09-17-2015

Hi All,

I'd like a report for license usage for all my indexes per day over X days. We have over 30 indexes and when I run the Daily License Usage in search, it only returns 11 or so indexes. Is there a way that I can get a report for all the indexes' usage, regardless of how little data is indexed in it?

Thanks in advance,
Michael

somesoni2 · ‎09-18-2015

Try something like this

index=_internal source=*license_usage.log* type=Usage | bucket span=1d _time | stats sum(b) as bytes by _time idx | eval gb=round(bytes/1024/1024/1024,3) | fields - bytes| append [| gentimes start=-1 | addinfo | eval t=mvrange(info_min_time,info_max_time,86400) | table t | mvexpand t | rename t as _time | bucket span=1d _time | eval gb=0 | join type=left max=0 gb [| rest /services/data/indexes | table title | rename title as idx | eval gb=0]] | stats max(gb) as gb by _time idx

chanmic · ‎09-28-2015

Thanks somesoni2,

With your query, is there a way to add the usage of the liked indexes together?

masonmorales · ‎09-18-2015

Yes! Take a look at this app: https://splunkbase.splunk.com/app/2678/

It supports exactly what you are talking about. I built it, so if you have any features requests, just comment on here or e-mail me.

pradeepkumarg · ‎09-18-2015

What is your search for license usage?

Is there a way to get a report on license usage for all indexes per day over X days, regardless of how little data is indexed?

Dashboard Studio Challenge - Learn New Tricks, Showcase Your Skills, and Win Prizes!

Introducing Edge Processor: Next Gen Data Transformation

Take the 2021 Splunk Career Survey for $50 in Amazon Cash