License Usage by Index per Day

The following Splunk search query will output license usage for each index for each day for the week to date. It will also output an average for each index over the course of the given time period.

 

Updated / Revised – 8/12/2016

Share This:

Comments

  1. Samthegeek

    index=_internal source=*license_usage.log type=”Usage” splunk_server=* earliest=-1w@d | eval Date=strftime(_time, “%Y/%m/%d”) | eventstats sum(b) as volume by idx, Date | eval GB=round(volume/1024/1024,5)| timechart first(GB) AS volume by idx

    I tried to modify this search to use GB (gigabyte instead of MB megabyte) but the numbers did not change so I am guessing I missed something. I am using a last 7 day window for the search. Can someone please point me in the right direction. thanks.

    1. SplunkNinja

      Samthegeek,
      You’ll want to add in the additional math for GB.
      | eval MB=round(volume/1024/1024,5)
      | eval MB=round(volume/1024/1024/1024,5)

      As you can see above you simply divide by another 1024 to go from MB to GB.

      Thanks!

Leave A Comment?