License and Storage Usage Dashboard

This relies on the search posted earlier: This will display storage and license usage broken down by groups, predefined in the chargeback app customers.csv <form> <label>License and Storage Usage</label> <fieldset submitButton=”false”> <input type=”dropdown” token=”grouppicker”> <label>Group</label> <choice value=”Group1″>Group1</choice> <choice value=”Group2″>Group2</choice> <choice value=”Group3″>Group3</choice> <choice value=”Group4″>Group4</choice> <choice value=”Group5″>Group5</choice> <choice value=”Group6″>Group6</choice> <choice value=”*”>All Groups</choice> <default>*</default> </input> </fieldset> <row> <panel> […]

Continue Reading →

Build License usage by Group

This was cobbled together from multiple searches I found. This search feeds the license and storage dashboard posted here: It relies on the Chargeback app for the customers.csv form. index=_internal source=*license_usage.log type=”Usage” earliest=-30d@d latest=@d | eval indexname = if(len(idx)=0 OR isnull(idx),”(UNKNOWN)”,idx) | eval sourcetypename = st | bin _time span=1d | stats values(poolsz) as poolsz […]

Continue Reading →

Show how much disk space is used by _internal

The following Splunk query will return disk space used by the _internal index. index=_internal source=*license_usage.log type=Usage | eval gb=b/1024/1024/1024 | timechart span=1d sum(gb) as GB by host useother=false | untable _time host gb | top limit=1 host | join time [ search index=_internal source=*license_usage.log type=Usage | eval gb=b/1024/1024/1024 | timechart span=1d sum(gb) as GB by […]

Continue Reading →

License Usage Prediction

There is an older Splunk query here that had previously predicted license usage. I’m not sure why (perhaps the predict command has changed since the original post in 2015?), but the query is no longer working. I’ve updated the query to predict Splunk license usage using the Splunk predict command as shown below: index=_internal source=”*license_usage.lo*” […]

Continue Reading →