thanks for quick replay mirkoneverstops and dkeck,
I can able to get the license usage report for last 30days and my _internal index retention period is 1 month due to this i'm not able to pull splunk license report for last 6 month. could you please provide the alternate way to pull the license report for last 6 month.

I'd suggest to use:
- a summary index (let's call it summary_internal or summary_adm) with 50 or more years time retention.
- a scheduled search which runs every night and collect license usage data into previously created summary index
The search SPL could be something like:

Daily Usage:
index=_internal earliest=@d latest=now source=license_usage.log type=RolloverSummary b>0|eval mytime=_time-86400|convert timeformat="%Y%m%d" ctime(mytime) AS real_date_ymd|stats latest(b) AS used_bytes latest(stacksz) AS stack_size by slave, pool, _time,real_date_ymd|eval metric_name="whateveryoulike"|collect index=mynewsummaryindex
**Note*: this should be executed at least 5 minutes past midnight.

This approach has many advantages:
- You can decrease time retention of index _internal which contains license usage stats
- Searches on summary index are much faster

Let me know if you need additional details.