License source not up to date

jgauthier · ‎09-12-2012

I noticed today that my license audit source is not up to date:

index=_internal source=*license_audit.log

This does not have any data since 09/08/2012... but I have on idea why.

Any ideas for me?

MHibbin · ‎09-12-2012

Hi there,

I would take this as good news, as the license_audit.log file is used for tracking license violations (i.e. when you go over the limit).

I think you are looking for license_usage.log, this tracks your general usage.

Please see the following docs for reference...

http://docs.splunk.com/Documentation/Splunk/latest/Troubleshooting/WhatSplunklogsaboutitself

Regards,

MHibbin

MHibbin · ‎09-12-2012

Try including your search query in backticks (e.g. "`").

Which version of Splunk are you using? Have undergone an upgrade... The following provides differences between versions of SPlunk and checking license usage etc.
http://wiki.splunk.com/Community:TroubleshootingIndexedDataVolume

jgauthier · ‎09-12-2012

Bah, that has an asterisk before license_audit.log that the web form has removed on my behalf.

jgauthier · ‎09-12-2012

This query:
index=_internal todaysBytesIndexed LicenseManager-Audit source=*license_audit.log | eval Daily_Indexing_Volume_in_MBs = todaysBytesIndexed/1024/1024 | bucket _time span=1d | stats avg(Daily_Indexing_Volume_in_MBs) AS UsageMB first(licenseSize) AS LicenseSize by _time host | eval UsagePercent=UsageMB/(LicenseSize/1024/1024)*100 | eval UsagePercent=round(UsagePercent, 2) | table _time host LicenseSize UsageMB UsagePercent

Which I have used for over a year no longer works.
And no, I'm not over my licensing... and I haven't been.. .but this query always worked.

License source not up to date

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor

Introducing the 2024 SplunkTrust!