Splunk 取得License使用量

Posted on 2013 年 02 月 07 日 by cowman.chiang

假設是要取得目前使用量
index=internal source=*metrics.log group=per_index_thruput NOT (series=* OR series=*summary) starttime=02/07/2013:00:00:00 | timechart span=1d sum(eval(kb/1024)) AS "MB indexed" by series

基本上就是限制starttime的起始為當日的00:00:00
(starttime format為 %m/%d/%Y:%H:%M:%S)

如果是要取得最近幾天的License Usage
index=_internal source=*license_usage.log type=RolloverSummary earliest=-7d
| eval GB = b/1024/1024/1024
| eval _time = _time - 43200
| timechart span=1d sum(GB) AS "Total GB used"

Ref Site: http://splunk-base.splunk.com/answers/65311/daily-license-usage-by-index-across-all-indexers

This entry was posted in Splunk. Bookmark the permalink.