Security

add data manually to license_audit.log - plausible?

e82than
Communicator

I would like to ask how I can 'fake' or create input of fields with values for Splunk's license_audit.log to consume. Which source type should I put it to? Is there a tool to create such sample logs?

Has anyone done this act before?

0 Karma

martin_mueller
SplunkTrust

You can still download the App package onto your local machine, and install from file through the Splunk web interface.

As for varying the time frames, if the standard multiple-week-display isn't enough you could take their search and modify the time range/bucketing to suit your needs.

0 Karma

e82than
Communicator

Martin, I can't get internet access on that Linux VM box I'm using... Frustrating... I needed to vary from the standard dashboards that I am creating because they are in time frames longer than prescribed.

0 Karma

martin_mueller
SplunkTrust

Have you looked at the License Report in the Deployment Monitor app? Maybe that's what you need in a neat pre-built package.

0 Karma

yannK
Splunk Employee

The answer is yes, why not.

You can add your own lines at the end of the file, and they will be indexed to _internal.
However, be aware that this is not the way Splunk calculates the license volume; those logs are a report only. But it can be enough for your dashboard tests.

Also, if you want to be close to the truth, do not forget to add the 2 types of events (details of volume all over the day, and the daily sum per pool).

e82than
Communicator

I am trying to build a dashboard offline to count license usage. I can't bring the work in. I can only build it remotely. The client isn't aware of what he would like to do with Splunk other than checking out on the $$ it costs. I just want to be able to input data into this file in Splunk's convention and sourcetypes so I can build dashboards off it, and then the user just has to copy and paste my customized app for him to use. No need to worry about it not being able to work in a new setup if the 1st server fails.

0 Karma

Drainy
Champion

Yeah, I feel like you have an idea to test something but really what you want to do is maybe run a data generator which outputs the same format data into another log?

0 Karma

martin_mueller
SplunkTrust

What are you trying to achieve?
