Solved: Query to find the license usage by a particular ho...

mintughosh · ‎02-12-2017

I need to know the license usage of 5 indexes on a daily basis. All the options I have been trying gives me the license usage of all the indexes.

lquinn · ‎02-12-2017

In the license usage logs there is a field called idx which denotes the index that the data is being written to. Doing a sum of the bytes field (b) by idx will give you the license usage per index:

index=_internal source="*license_usage.log" | stats sum(b) by idx

If you wanted to know the total for the five indexes, simply search for these indexes before doing the sum:

index=_internal source="*license_usage.log" idx="index1" OR idx="index2 OR idx="index3" OR idx="index4" OR idx="index5" | stats sum(b)

Similarly, "h" is the host field in the license_usage logs.

View solution in original post

lquinn · ‎02-12-2017

In the license usage logs there is a field called idx which denotes the index that the data is being written to. Doing a sum of the bytes field (b) by idx will give you the license usage per index:

index=_internal source="*license_usage.log" | stats sum(b) by idx

If you wanted to know the total for the five indexes, simply search for these indexes before doing the sum:

index=_internal source="*license_usage.log" idx="index1" OR idx="index2 OR idx="index3" OR idx="index4" OR idx="index5" | stats sum(b)

Similarly, "h" is the host field in the license_usage logs.

mintughosh · ‎02-14-2017

Thank you, !!! If I want to include host and index both on the same query. License usage for 5 indexes and 2 hosts on this query and the usage should be in GB on daily basis.

Query to find the license usage by a particular host or index on a daily basis

Troubleshooting the OpenTelemetry Collector

Adoption of Infrastructure Monitoring at Splunk

Modern way of developing distributed application using OTel