Installation
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How can I stay on top of what sources are consuming my license?

the_wolverine
Champion
‎06-17-2010 05:06 PM

I keep getting bitten by license violations and its always something new that is triggering this. Is there some way for me to better monitor my license usage so that I can stay on top if it?

I've gone under Manager >> License >> and clicked on "indexing volume search view" where I would expect to get a nice overview of my indexing activity and volume but I can only get a breakdown.

Reply
1 Solution
Solved! Jump to solution
Solution

the_wolverine
Champion
‎06-17-2010 05:14 PM

The Splunk License Usage app written by Splunk user, joshs, is a very useful app for this purpose. It can be downloaded directly from Splunkbase: http://www.splunkbase.com/apps/All/4.x/App/app:Splunk+License+Usage

If your Splunk instance has access to the Internet, you can install the app from the UI by doing the following:

1) Log into your Splunk UI as an Admin user.

2) Go to Manager >> Apps >> and click on "Browse Splunkbase for more apps.."

3) Browse to the Splunk License Usage app and download it (You will need a registered login username/password for Splunk.com - this is different from any login on your Splunk instance.)

There is no need to restart Splunk. You can start making use of the app's custom searches and dashboards immediately by browsing to the App in Splunk UI.

View solution in original post

Reply
Solved! Jump to solution

sideview
SplunkTrust
SplunkTrust
‎06-17-2010 09:17 PM

Is there a reason why the indexing volume view is not helpful?

The 'split by' pulldown defaults to 'index', but you can easily change it to 'source'.

At that point it should be a pretty good tool to quickly determine what sources are coming at unexpectedly high data rates.

  • Go to the view, either clicking the link on the license page in manager, or going to 'Status>Index Status>Indexing Volume"

  • change 'Index' to 'Source'

  • click on some sources to see a timechart of that source's throughput over on the right side.

  • click the bars in that timechart to see (roughly) the events that were coming in at that time, to maybe figure out why there was a big spike there...

Certainly we created that view to be useful for things like this, so Im definitely interested to hear how in this case its not useful, or how it's not what it could be.

Reply
Solved! Jump to solution
Solution

the_wolverine
Champion
‎06-17-2010 05:14 PM

The Splunk License Usage app written by Splunk user, joshs, is a very useful app for this purpose. It can be downloaded directly from Splunkbase: http://www.splunkbase.com/apps/All/4.x/App/app:Splunk+License+Usage

If your Splunk instance has access to the Internet, you can install the app from the UI by doing the following:

1) Log into your Splunk UI as an Admin user.

2) Go to Manager >> Apps >> and click on "Browse Splunkbase for more apps.."

3) Browse to the Splunk License Usage app and download it (You will need a registered login username/password for Splunk.com - this is different from any login on your Splunk instance.)

There is no need to restart Splunk. You can start making use of the app's custom searches and dashboards immediately by browsing to the App in Splunk UI.

Reply
Get Updates on the Splunk Community!

Detecting Remote Code Executions With the Splunk Threat Research Team

REGISTER NOWRemote code execution (RCE) vulnerabilities pose a significant risk to organizations. If ...

Observability | Use Synthetic Monitoring for Website Metadata Verification

If you are on Splunk Observability Cloud, you may already have Synthetic Monitoringin your observability ...

More Ways To Control Your Costs With Archived Metrics | Register for Tech Talk

Tuesday, May 14, 2024  |  11AM PT / 2PM ET Register to Attend Join us for this Tech Talk and learn how to ...