Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to check the total consumption out of the 500MB provided by free splunk?

hishamjan
Explorer
‎02-18-2021 12:56 AM

Hi,

 

In my production environment, I have two Asterisk Servers installed where one of them caters to 95% of the data while the other caters only 5%.

I successfully installed Splunk Universal Forwarders on my two Asterisks and was able to index data from the 5% server. Now, I want to index similar data from the 95% server as well but, I'm not sure how much quota has been consumed so far out of the 500MB and indexing the 95% server might exceed the limit.

 

Is there a way to figure out how much out of the 500MB is used and how much Is left?

 

Any help will be appreciated.

Labels (4)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

aasabatini
Motivator
‎02-18-2021 02:34 AM

Try this

 

index=_internal source=*license_usage.log | eval GB=b/1024/1024/1024 | stats sum(GB) by h | sort -sum(GB)

“The answer is out there, Neo, and it’s looking for you, and it will find you if you want it to.”

View solution in original post

Reply
Solved! Jump to solution

aasabatini
Motivator
‎02-18-2021 01:14 AM

Hi,

 

you can check on the menu  settings under the voice licensing.

aasabatini_0-1613639553528.png

Or you can check the consumption by this search:

1
index=_internal source=*license_usage.log type="Usage" splunk_server=* earliest=-1w@d | eval Date=strftime(_time, "%Y/%m/%d") | eventstats sum(b) as volume by idx, Date | eval MB=round(volume/1024/1024,5)| timechart first(MB) AS volume by idx
“The answer is out there, Neo, and it’s looking for you, and it will find you if you want it to.”
0 Karma
Reply
Solved! Jump to solution

hishamjan
Explorer
‎02-18-2021 01:44 AM

Hi, 

Thank you for your reply. This somewhat answers my question because this query you just shared is showing me the percentage of data consumed by the Indexer itself and not by the Forwarder (95% and 5%) servers.

The Licensing also shows the data consumed today by the indexer as well only.

I'd like to see the data consumed by the forwarders, for now, can we achieve that as well? 

Thanks.

0 Karma
Reply
Solved! Jump to solution
Solution

aasabatini
Motivator
‎02-18-2021 02:34 AM

Try this

 

index=_internal source=*license_usage.log | eval GB=b/1024/1024/1024 | stats sum(GB) by h | sort -sum(GB)

“The answer is out there, Neo, and it’s looking for you, and it will find you if you want it to.”
Reply
Solved! Jump to solution

hishamjan
Explorer
‎02-18-2021 04:38 AM

Screenshot 2021-02-18 at 5.00.01 PM.png

These are supposed to be added right? Otherwise, it seems as if it is 500MB per h which doesn't make sense to me..

 
 
Tags (1)
0 Karma
Reply
Solved! Jump to solution

aasabatini
Motivator
‎02-18-2021 04:48 AM

Sorry but I don't understand your point.

 

you have 500Mb free license for all the forwarders, the search show you the  license consumption by forwarder,  if you sum your values you have a total of  less than 300 Mb.

 

 

“The answer is out there, Neo, and it’s looking for you, and it will find you if you want it to.”
0 Karma
Reply
Solved! Jump to solution

hishamjan
Explorer
‎02-18-2021 05:01 AM

Thanks a lot, I've got your point

Tags (1)
0 Karma
Reply
Get Updates on the Splunk Community!

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

Take a look below to explore our upcoming Community Office Hours, Tech Talks, and Webinars this month. This ...

They're back! Join the SplunkTrust and MVP at .conf24

With our highly anticipated annual conference, .conf, comes the fez-wearers you can trust! The SplunkTrust, as ...

Enterprise Security Content Update (ESCU) | New Releases

Last month, the Splunk Threat Research Team had two releases of new security content via the Enterprise ...