All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Splunk on Splunk: How to find who is using up our license and why isn't it working for all indexers?

splunksurekha
Path Finder
‎01-23-2015 02:31 AM

Hi,

I have installed SOS app but am unable to find who is using up our license and why it isn't working for all indexers
Need your help here asap. If you need more details let me know.

Though 13 months older data is getting deleted on regular basis.

Thanks
Surekha

0 Karma
Reply

bmacias84
Champion
‎08-25-2015 07:32 PM

Are you using splunk 6.1 or higher. Consider setting the Splunk management console.

This may give you want you want. http://docs.splunk.com/Documentation/Splunk/6.2.0/Admin/ConfiguretheMonitoringConsole

0 Karma
Reply

rphillips_splk
Splunk Employee
Splunk Employee
‎08-25-2015 04:09 PM

You can view license usage from the license master : 

https://127.0.0.1:8000/en-US/manager/search/licenseusage

from here you can split by source, sourcetype, index, host etc..

0 Karma
Reply

kendrickt
Path Finder
‎01-23-2015 03:44 AM

Have you tried running the Splunk built in report to see what's heavy on your indexers?

index=_internal source=*license_usage.log type="Usage" | eval h=if(len(h)=0 OR isnull(h),"(SQUASHED)",h) | eval s=if(len(s)=0 OR isnull(s),"(SQUASHED)",s) | eval idx=if(len(idx)=0 OR isnull(idx),"(UNKNOWN)",idx) | bin _time span=1d | stats sum(b) as b by _time, pool, s, st, h, idx
Reply

splunksurekha
Path Finder
‎01-27-2015 12:19 AM

Hi,

This query doesn't return me any result. Says No Result Found.
Can you please help me in knowing this frm the server/backend level meaning from the idx servers and going to the licenseusage.log file. Because i can view the log file. Is there anything which i can look for in the license_usage.log file to know who is consuming more.

Thanks
Surekha

0 Karma
Reply

mikelanghorst
Motivator
‎08-07-2015 09:42 AM

splunksurekha -
Are you either running the search on your License Master or are you sure that the license master is forwarding to your indexers? Looking at the license log itself it going to be to be difficult, since it's only reporting in small increments. Something like the search kendrickt gives is what you'll need to show how it adds up.

0 Karma
Reply
Get Updates on the Splunk Community!

Introducing Splunk Enterprise 9.2

WATCH HERE! Watch this Tech Talk to learn about the latest features and enhancements shipped in the new Splunk ...

Adoption of RUM and APM at Splunk

    Unleash the power of Splunk Observability   Watch Now In this can't miss Tech Talk! The Splunk Growth ...

Routing logs with Splunk OTel Collector for Kubernetes

The Splunk Distribution of the OpenTelemetry (OTel) Collector is a product that provides a way to ingest ...