Splunk search for License usage for each index for each day week

Copy
index=_internal source=*license_usage.log type="Usage" splunk_server=* earliest=-1w@d | eval Date=strftime(_time, "%A") | eventstats sum(b) as volume by idx, Date | eval MB=round(volume/1024/1024,5)| timechart first(MB) AS Volume by idx
This search will show license usage per day for the past week. The search will separate out license usage by Index. The results of the search are best viewed as a line chart or a column chart.
0 comments

Category:

General Splunk


Tags:

Admin general internal license usage

Search Commands:

Sign in or Register to submit a comment