All Apps and Add-ons

Query for Exact Splunk License count

ibob0304
Communicator

I have this query which I modified to get the count of indexes each, but when i total all the indexes the sum is not matching with the splunk license used under System -> license tab in browser.

index=_internal source="*license_usage.lo*" type=Usage | table _time,  h, idx, b | eval ba = b/1024000 |timechart span=1d sum(ba) by h

and another

index=_internal source=*metrics.log group=per_index_thruput  | timechart span=1d sum(eval(kb/1024)) AS "MB indexed" by series

this is a huge difference like 300mb - 400mb compared to the system license and query output. But somedays it comes almost same with little difference.

0 Karma

woodcock
Esteemed Legend

Splunk v6.2 debuted the Distributed Management Console (DMC), now simply Management Console (MC) which can be configured on a Search Head. It almost completely replaces the Splunk-on-Splunk (S.O.S) and Splunk Deployment Monitor apps for most cases. The Licensing stats are gathered via a REAST API using the rest command | rest splunk_server=youSplunkLicenseMaster.local /services/licenser/pools but this is only available to admins. Read more about it here:
http://docs.splunk.com/Documentation/Splunk/6.2.3/Admin/ConfiguretheMonitoringConsole.

SPECIAL NOTE: if you add your License Master as a search peer to your MC, then the License views will work, otherwise not.

0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...