Reporting
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Trying to build a license utilization report based on licenses used vs. the number of licenses purchased.

mangelastro
Observer
‎02-17-2018 03:34 PM

We need a license usage report based on data in a log file. I built a search that extracts the following data,

_time as date in %Y-%m-%d format, 2018-01-05 (January 5th 2018)
The next field is License, which can be a value of “Rational Quality Manager”
Next field is “Jazzrole” such as “Analyst” or “Quality Professional”
Next field is Tokens which is either “OUT” or “IN” since license tokens can be checked out and checked back in
Then “TokensInOut” is the number of tokens “checked out”
I also created a field using stats to sum the # of tokens checked out for a particular license by day called TotalTokensOut

We need to determine by day the number of tokens “checked out” for a particular license such as Rational Quality Manager and
Jazz role “Quality Professional” against the number of license tokens available which is a hard coded number such as 890 or Quality Professional or 1000 for Doors Analyst.

so the table looks like:

alt text
We’d like to build a report that includes LicenseUtilization by date, license type, jazz role, and figure the % utilized for a particular license

alt text

Any ideas how we can build this report to take the sum for each tokens used by date and license and determine the % utilized based on hard coded values such as the ones above? 890 for Quality Professional and 1000 for DOORS Analyst?

I’m very new to Splunk so any help would be appreciated.

Here’s the search info for the report

index=_* OR index=* sourcetype=lmgrd Tokens=*OUT | convert timeformat="%Y-%m-%d" ctime(_time) AS date | convert `num(TokensInOut) | stats sum(TokensInOut) as TotalTokensOut by date, License, Jazzrole`

which displays

Date License JazzRole TotalTokensOut

Thanks!

Tags (1)
Preview file
1 KB
Preview file
1 KB
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

somesoni2
Revered Legend
‎02-18-2018 10:36 AM

You can do like this

index=_* OR index=* sourcetype=lmgrd Tokens=*OUT | convert timeformat="%Y-%m-%d" ctime(_time) AS date | convert `num(TokensInOut)` | stats sum(TokensInOut) as TotalTokensOut by date, License, Jazzrole
| eval TotalTokens=case(Jazzrole="Quality Professional",890", Jazzrole="Doors Analyst",1000,...other roles)
| eval TokenUtilization=(TotalTokens-TotalTokensOut)*100/TotalTokens

It would be easier if you can put the TotalTokens for a Jazzrole in a lookup table, say Jazzrole_tokens.csv with field Jazzrole and TotalTokens. Once you set it up, you can replace the line 3 of above search (eval TotalTokens) with this

| lookup Jazzrole_tokens.csv Jazzrole OUTPUT TotalTokesn

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

somesoni2
Revered Legend
‎02-18-2018 10:36 AM

You can do like this

index=_* OR index=* sourcetype=lmgrd Tokens=*OUT | convert timeformat="%Y-%m-%d" ctime(_time) AS date | convert `num(TokensInOut)` | stats sum(TokensInOut) as TotalTokensOut by date, License, Jazzrole
| eval TotalTokens=case(Jazzrole="Quality Professional",890", Jazzrole="Doors Analyst",1000,...other roles)
| eval TokenUtilization=(TotalTokens-TotalTokensOut)*100/TotalTokens

It would be easier if you can put the TotalTokens for a Jazzrole in a lookup table, say Jazzrole_tokens.csv with field Jazzrole and TotalTokens. Once you set it up, you can replace the line 3 of above search (eval TotalTokens) with this

| lookup Jazzrole_tokens.csv Jazzrole OUTPUT TotalTokesn
0 Karma
Reply
Solved! Jump to solution

mangelastro
Observer
‎02-18-2018 01:28 PM

Thanks! that worked great. Had to switch some things around as far as the math but its working great.

0 Karma
Reply
Get Updates on the Splunk Community!

Earn a $35 Gift Card for Answering our Splunk Admins & App Developer Survey

Survey for Splunk Admins and App Developers is open now! | Earn a $35 gift card!      Hello there,  Splunk ...

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

You’ve probably heard the latest about AppDynamics joining the Splunk Observability portfolio, deepening our ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

As we’ve seen, integrating Kubernetes environments with Splunk Observability Cloud is a quick and easy way to ...