Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to search the license usage per index per department?

arjangoos
Path Finder
‎10-27-2016 04:38 AM

I want the license usages per index per department.

department 1 has indexes:

idx             volume
acc_jboss       100
prod_jboss      150
test_jboss      50

department 1 volume is 300

department 2 has indexes

idx             volume
prod_network    1000
acc_network     509
test_network    100

department 2 volume is 1609

0 Karma
Reply

somesoni2
SplunkTrust
SplunkTrust
‎10-27-2016 08:23 AM

Step 1: Create a lookup table file, say dept_index_lookup.csv with field department,index

department,index
...................................
dept1,acc_jboss
dept1,prod_jboss
dept1,test_jboss
dept2,prod_network
dept2,acc_network
dept2,test_network

Step 2 : Search License usage search like this 

index=_internal source=*license_usage.log type=usage | stats sum(b) as usageGB by idx | eval usageGB=round(usage/1024/1024/1024,2)  | rename idx as index | lookup dept_index_lookup.csv index OUTPUT department | table department index usageGB
0 Karma
Reply
Get Updates on the Splunk Community!

Welcome to the Splunk Community!

(view in My Videos) We're so glad you're here! The Splunk Community is place to connect, learn, give back, and ...

Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM

Elevating Digital Service Excellence: The Synergy of Real User Monitoring and Application Performance ...

Adoption of RUM and APM at Splunk

    Unleash the power of Splunk Observability   Watch Now In this can't miss Tech Talk! The Splunk Growth ...