Can someone help me include sourcetype to my search below? I am trying to run a report for the past 60 days and need it by Sourcetype or Host. However, I don't see sourcetype as a field to choose from. I know Splunk has a license usage report but I'm needing the data behind it and for the past 60 days.
Here is my search string.
index=_internal source=*license_usage.log* type=Usage | timechart span=1d sum(b) as bytes | eval GB = round(bytes/1024/1024/1024,2)
Thank you
↧