Hi
I'm struggling to find out how to add an overlay or something that will display the daily license usage for specific indexes and the total daily license usage. I'd also like to add our current license volume as a horizontal line. Everything on one graph.
Almost correct:
index=_internal source=*license_usage.log type=Usage
(idx=cust_1 OR idx=cust_l2 OR idx=cust_3 OR idx=cust_4 OR idx=cust_5 OR idx=cust_6)
| timechart span=1d eval(round(sum(b)/1024/1024/1024,2)) AS "GB Used"
| appendcols [search index=_internal source=*license_usage.log type=Usage | timechart span=1d eval(round(sum(b)/1024/1024/1024,2)) AS "Total GB Used"]
Another try:
index=_internal source=*license_usage.log type=Usage
(idx=cust_1 OR idx=cust_l2 OR idx=cust_3 OR idx=cust_4 OR idx=cust_5 OR idx=cust_6)
| bucket _time span=1d
| stats sum(b) AS bytes by _time | eval GB = round(bytes/1024/1024/1024,2)
| appendcols [search index=_internal source=*license_usage.log type=Usage | bucket _time span=1d | stats sum(b) AS bytes by _time | eval GB1 = round(bytes/1024/1024/1024,2) | eval limit = 500]
| table GB, GB1, limit
I'm not really sure it's the best way to do it; I'm sure it lacks optimization :/
Any idea how to fix this? Thanks