Calculating Splunk License Usage Based on a condit...

anandhalagaras1 · ‎04-08-2021

Hi Team,

I am aware that we can able to pull the license usage stats in splunk for index, host and sourcetype for a day. But whereas I want to pull the license usage stats in GB for last 30 days.

I have two requirement seperately to pull the exact license usage stats for last 30 days in Splunk.

1.)The first one would be based on the app and severity of how much logs are ingested in GB for last 30 days for both the index.

index=abc OR index=xyz app IN (splunk,"Splunk-Daemon") severity=informational

================================================================================

2.) The second condition would be based on a index for two sourcetypes with a particular keyword.

2.) index=abc sourcetype IN ("efg","ijk") "www.splunk.com*"

So for each requirement how can I be able to pull the license usage in Splunk for last 30 days. Kindly help on the same.

anandhalagaras1 · ‎04-15-2021

Hi Team,

Can anyone help on my query please.

anandhalagaras1 · ‎04-08-2021

Can anyone help on my query please.

Calculating Splunk License Usage Based on a condition

Upcoming Webinar: Unmasking Insider Threats with Slunk Enterprise Security’s UEBA

.conf25 technical session recap of Observability for Gen AI: Monitoring LLM ...

A Season of Skills: New Splunk Courses to Light Up Your Learning Journey

Join the Conversation

Calculating Splunk License Usage Based on a condition

Upcoming Webinar: Unmasking Insider Threats with Slunk Enterprise Security’s UEBA

.conf25 technical session recap of Observability for Gen AI: Monitoring LLM ...

A Season of Skills: New Splunk Courses to Light Up Your Learning Journey