Splunk search for Top 5 license usage by host
Copy
index=_internal source=*license_usage.log type="Usage" | stats sum(b) AS Volume by h | eval GB=round(Volume/1024/1024/1024,5) | table h GB | rename h as Host, GB as "GB Used" | sort - GB | head 5
This is a Splunk search to show the top license consuming hosts. The search will show the top 5 hosts that have sent the most data to the Splunk indexers and will show how much data, in GB, has been ingested.