Daily License Usage by Host

ijaffry · ‎07-16-2012

I want to see my daily usage but have it list by host instead of date.

lguinn2 · ‎07-16-2012

Try

index=_internal source=*license_usage.log type=Usage 
| stats sum(b) as bytes by h 
| eval MB = round(bytes/1024/1024,1)
| fields h MB
| rename h as host

If you take a look at the license_usage.log, you will see lots of different ways that you can break down this report...

splunker12er · ‎06-20-2014

This query would show the results for total (When we selected the time as 'All Time')

Select the time range accordingly to the splunk local time on the license server to get the daily license usage per host

landen99 · ‎08-24-2015

What does it mean with this message (searching Today)?:

index=_internal source=*license_usage.log | head 99

Events (1)
08-24-2015 09:17:26.423 -0700 INFO LicenseUsage - type=Message - License usage logging not available for slave licensing instances, please see license_usage.log on license master=https://***:8089 for usage breakdown

somesoni2 · ‎08-24-2015

The license usage logs are available in License Master node. If your search head doesn't contain license OR in other words, you've a separate license master node (which is definitely the case per the error that you receive), The license usage logs is not available in the Search Head directly. What you can do is forward the logs from your license master node (mentioned in your log), to forwarder the data to Indexers, so that Search Head can access it.

Daily License Usage by Host

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

They're back! Join the SplunkTrust and MVP at .conf24

Enterprise Security Content Update (ESCU) | New Releases