Alerting

Is there a way to create an alert to notify us if the license is going to expire for a heavy forwarder?

kiran_mh
Explorer

Hi

Is there a way an alert can be created to notify us about the license expiration of a heavy forwarder?
For example, we want to get notified when the license for a heavy forwarder is about to expire in, say, 30 days?

0 Karma

somesoni2
SplunkTrust

Do you have a separate license master, or does each heavy forwarder and indexer in your setup have licenses installed on it?

0 Karma

kiran_mh
Explorer

We don't have a license master; each heavy forwarder has its licenses installed on itself.

0 Karma

ryanoconnor
Builder

The following search should be what you need:

| rest /services/licenser/licenses | search status=VALID label!="Splunk Forwarder" AND label!="Splunk Free" | eval "time_to_expire(days)"=(expiration_time - now())/86400 | table "time_to_expire(days)" | search "time_to_expire(days)"<30

Depending on how your licenses are set up, this may need to be modified slightly, but on a test instance with just one Splunk License installed, this works the way you'd expect.

0 Karma

kiran_mh
Explorer

Thanks for your reply, ryanoconnor... but I'm not getting results when I run the query.

Currently we have 8 heavy forwarders and 1 deployment server in our instance, Splunk Cloud 6.4.

0 Karma

ryanoconnor
Builder

Is the deployment server also a license master?

0 Karma

ryanoconnor
Builder

The search I provided you should be able to run directly from your license master (if you have one on-prem), or if each heavy forwarder has its own license installed, you could run it on each one. I would highly recommend setting up a license master if you don't have one already.

0 Karma
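
For the setup described in this thread (no license master, a license on each heavy forwarder), the same filter can be applied outside Splunk to the JSON each forwarder returns from /services/licenser/licenses. This is an added example, not code from any poster in the thread. The field names status, label and expiration_time come from the search above; the entry/content response layout, the function name and the sample data are assumptions constructed for illustration.

```python
import time

# Labels the search in the thread excludes.
EXCLUDED_LABELS = {"Splunk Forwarder", "Splunk Free"}


def expiring_licenses(payload, now=None, threshold_days=30):
    """Return (label, days_left) for VALID licenses expiring within threshold_days.

    payload is the parsed JSON body of /services/licenser/licenses
    (assumed layout: {"entry": [{"content": {...}}, ...]}).
    """
    now = time.time() if now is None else now
    hits = []
    for entry in payload.get("entry", []):
        content = entry.get("content", {})
        if content.get("status") != "VALID":
            continue  # already expired or otherwise unusable
        label = content.get("label")
        if label is None or label in EXCLUDED_LABELS:
            continue  # same exclusions as label!="..." in the search
        days_left = (int(content["expiration_time"]) - now) / 86400
        if days_left < threshold_days:
            hits.append((label, round(days_left, 1)))
    return sorted(hits, key=lambda h: h[1])


# Constructed sample response, evaluated against a fixed "now".
NOW = 1_700_000_000
SAMPLE = {"entry": [
    {"content": {"label": "Splunk Enterprise", "status": "VALID",
                 "expiration_time": NOW + 12 * 86400}},
    {"content": {"label": "Splunk Forwarder", "status": "VALID",
                 "expiration_time": 2147483647}},
    {"content": {"label": "Splunk Enterprise Term", "status": "VALID",
                 "expiration_time": NOW + 200 * 86400}},
    {"content": {"label": "Old Enterprise", "status": "EXPIRED",
                 "expiration_time": NOW - 5 * 86400}},
]}

if __name__ == "__main__":
    for label, days in expiring_licenses(SAMPLE, now=NOW):
        print(f"{label}: {days} days left")
```
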