Is there a parameter using which we can filter the licenses from the below command ? I need to filter and check only enterprise license is applied or not during my script (shell script), is there a way I can pass any parameter like stack_id etc? or it should be done via linux commands ?
filter only one pool, check the size and see compare it with the actual size and understand if all the license files are applied properly.
No manual intervention.
can't see anything here : https://docs.splunk.com/Documentation/Splunk/8.0.3/Admin/LicenserCLIcommands
splunk list licenser-pools
auto_generated_pool_enterprise
description:auto_generated_pool_enterprise
effective_quota:123456
is_unlimited:0
quota:MAX
slaves:
stack_id:enterprise
used_bytes:1234
auto_generated_pool_forwarder
description:auto_generated_pool_forwarder
effective_quota:123456
is_unlimited:0
quota:MAX
slaves:
stack_id:forwarder
used_bytes:0
auto_generated_pool_free
description:auto_generated_pool_free
effective_quota:123456
is_unlimited:0
quota:MAX
slaves:
stack_id:free
used_bytes:0
Hello @test_splunk15 ,
you can start with this line and add more logic (like calculate the ratio, or check if a trial license still be used, convert bytes to MB/GB, etc.):
splunk list licenser-pools | awk '/description:auto_generated_pool_enterprise/' RS= |grep -e effective_quota -e used_bytes|sed 's/^\s*//'
awk extracts the text block from description:auto_generated_pool_enterprise to the next blank line, grep filters both lines and sed removes blanks in front of test.
Output:
effective_quota:53687091200
used_bytes:798031
Please let me know if it works
P.S. I wonder if it all can be done with SPL only from the SH for all splunk instances which send internal logs to the index layer
Hello @test_splunk15 ,
you can start with this line and add more logic (like calculate the ratio, or check if a trial license still be used, convert bytes to MB/GB, etc.):
splunk list licenser-pools | awk '/description:auto_generated_pool_enterprise/' RS= |grep -e effective_quota -e used_bytes|sed 's/^\s*//'
awk extracts the text block from description:auto_generated_pool_enterprise to the next blank line, grep filters both lines and sed removes blanks in front of test.
Output:
effective_quota:53687091200
used_bytes:798031
Please let me know if it works
P.S. I wonder if it all can be done with SPL only from the SH for all splunk instances which send internal logs to the index layer
Hi @PavelP , thanks for the above.
I've done similar works fine. However I wanted to understand from Splunk filters. Looks like there are nothing.
Thanks again for your inputs.
Hi @test_splunk15
there are license usage section in the monitoroing console (MC) , here is an example based on the REST (replace host1 with your server):
| rest splunk_server=host1 /services/licenser/pools | rename title AS Pool | search [rest splunk_server=host1 /services/licenser/groups | search is_active=1 | eval stack_id=stack_ids | fields stack_id] | join type=outer stack_id [rest splunk_server=host1 /services/licenser/stacks | eval stack_id=title | eval stack_quota=quota | fields stack_id stack_quota] | stats sum(used_bytes) as used max(stack_quota) as total | eval usedGB=round(used/1024/1024/1024,3) | eval totalGB=round(total/1024/1024/1024,3) | eval gauge_base=0 | eval gauge_danger=totalGB*0.8 | eval gauge_top=totalGB+0.001 | gauge usedGB gauge_base gauge_danger totalGB gauge_top
additionally/alternatively you can parse license_usage.log log directly:
index=_internal source=*license_usage.log
Thanks @PavelP
by the way this result format is specified in any file or its text format by default?