icon/x Created with Sketch.

Splunk Cookie Policy

We use our own and third-party cookies to provide you with a great online experience. We also use these cookies to improve our products and services, support our marketing campaigns, and advertise to you on our website and other websites. Some cookies may continue to collect information after you have left our website. Learn more (including how to update your settings) here.
Accept Cookie Policy

We are working on something new...

A Fresh New Splunkbase
We are designing a New Splunkbase to improve search and discoverability of apps. Check out our new and improved features like Categories and Collections. New Splunkbase is currently in preview mode, as it is under active development. We welcome you to navigate New Splunkbase and give us feedback.
Log4Shell Vulnerability: Information and guidance for you. Get resources.

Accept License Agreements

This app is provided by a third party and your right to use the app is in accordance with the license provided by that third-party licensor. Splunk is not responsible for any third-party apps and does not provide any warranty or support. If you have any questions, complaints or claims with respect to this app, please contact the licensor directly.

Thank You

Downloading Utilization Monitor for Splunk (SUM)
SHA256 checksum (utilization-monitor-for-splunk-sum_210.tgz) 4c71b0fe708815286920acbae1e8533d023a5aba28f29de7b92e8714ebc20ce1 SHA256 checksum (utilization-monitor-for-splunk-sum_200.tgz) 90e8d6c7af4a049f0353a8e57051ea3017fc4399372a97d06dff35a33674ca3e SHA256 checksum (utilization-monitor-for-splunk-sum_170.tgz) 85b2456e70ba465d8ef9fa2fb3f64eb03105aae3ed6ca3d98e9e274e1ff9bc72 SHA256 checksum (utilization-monitor-for-splunk-sum_162.tgz) 6a8809a084e98d51822e53e7182469587a768f3331ea6a1d8cfa49492d13c0e2 SHA256 checksum (utilization-monitor-for-splunk-sum_161.tgz) 149943c5bb329a98f05e4c7ba55f96021c5f5ff36b9419b08dede572ceb4a8b3 SHA256 checksum (utilization-monitor-for-splunk-sum_160.tgz) 10ab97eab60dd8260e3484d51fdd610458d7658a4f6759e98203e3282d4ea806 SHA256 checksum (utilization-monitor-for-splunk-sum_151.tgz) cabd69c08758e7ff7aed208b1c5d294044cb3fbad6a5f98c49363122b03c8040 SHA256 checksum (utilization-monitor-for-splunk-sum_150.tgz) ef27e7f3b9f1db44b94a45ad6d27fdfbde94d7d7322be190b8f739ba669b3e80 SHA256 checksum (utilization-monitor-for-splunk-sum_140.tgz) b85736cf5ccdb29835da400ec3bfd885b42b3589cd8275b6eb977e09b165b778 SHA256 checksum (utilization-monitor-for-splunk-sum_131.tgz) 90bc37403d919354cedb291a037ab0351bfd89a01c2741f0dda15b923fcbf1cf SHA256 checksum (utilization-monitor-for-splunk-sum_130.tgz) 9d5a505ccea4c0b4a446fdef9037b4e07ee7ce23ff7c5ed118cacdf230cd5e64 SHA256 checksum (utilization-monitor-for-splunk-sum_120.tgz) 83c7039f7007f459ddaf44044a3c6fc4f3e56053b5c0c552cc6cbf983d2e7443 SHA256 checksum (utilization-monitor-for-splunk-sum_110.tgz) cb2f7bcbd1c97a5be07a2da6ab6a2dcd7285fc0cba1d80e1682649df3fdcb2df SHA256 checksum (utilization-monitor-for-splunk-sum_100.tgz) da2ed7de0e9eba1ee77c2d35eb993c09501d3e9e3f40c130c3be4c2ceb9c81ab
To install your download
For instructions specific to your download, click the Details tab after closing this window.

Flag As Inappropriate


Utilization Monitor for Splunk (SUM)

This app has been archived. Learn more about app archiving.
This app is NOT supported by Splunk. Please read about what that means for you here.
Utilization Monitor for Splunk allows you to quickly and easily analyze utilization in your Splunk environment. Use it proactively for capacity planning, or reactively to diagnose the cause of a license warning before it becomes a violation. Plan a new Splunk indexer cluster deployment, see problems in your Splunk environment related to searches, and much more!

Utilization Monitor for Splunk

Allows you to quickly and easily analyze utilization in your Splunk environment. Use it proactively for capacity planning, or reactively to diagnose the cause of a license warning before it becomes a violation.

Version History

  • See the Home page of the app for full vesion history - separate build notes will be included in a future release
  • Version 1.7.0 Added the "Indexer Cluster Calculator for Storage and Serers" as well as the "Splunk Forwarder Versions" report
  • Version 1.6.2 Added new drop-downs on the "License Usage Dashboard" dashboard on the "Total Usage Overview" panel and fixed a mising pool= filter in two other panels
  • Version 1.6.1 Changed the name to comply with Splunk App Naming Conventions
  • Version 1.6.0 fixed the "Search Head Utilization by App/View" dashboard, added a drop-down for "Splunk Server" to all Search Head Dashboards, added icons for SUM, and changed the navigation bar color
  • Version 1.5.1 added Client IP Address to "Search Head User Logins/Logouts" and fixed Splunk 6.2 compatibility with the "Search Head User Logins/Logouts" dashboard
  • Version 1.5.0 added the "Search Head Utilization by App/View" dashboard, the "Search Head Scheduled PDF Delivery Errors" dashboard, added new panels to the "Search Head Scheduler Utilization" dashboard, and updated names in the navigation menu
  • Version 1.4.0 added "Search Head Scheduler Utilization" dashboard and renamed navigation drop-down menus
  • Version 1.3.1 removes rollover data from the License Usage dashboard (thanks jkleensang!)
  • Version 1.3 introduced a "User Login/Logout Dashboard" and "Search Head Utilization by User" dashboard
  • Version 1.2 changed "Total License Usage" and "Total License Usage over Time (MB)" to use license_usage.log instead of metrics.log.
  • Version 1.1 added several new charts to the License Usage dashboard.
  • Version 1.0 introduced an in-depth license utilization dashboard (by index, host, sourcetype, source, splunk server, etc.) and an empirical analysis of the storage requirements for your current Splunk indexes.

Additional features, dashboards, and reports will be added in future versions. Please contact mason.s.morales@gmail.com with any feature requests or bug reports.

Installation notes

In a master-slave setup, SUM should be installed on the license master, or on a system that is configured to perform distributed search across any peers that would have index=_internal files.


Users of this app need to be able to search index=_internal. This can be done using the admin user account, or may be added to a role by an admin by going to Settings -> Access controls -> Roles -> (Your Role) and adding the "_internal" to the "selected search indexes" under the "Indexes" section. Users of this app also need to have REST capability. The "admin" role with default settings is fully supported by this app.

Release Notes

Version 2.1.0
Jan. 21, 2016

Several new dashboards and features. Install and take a look at the Home page!

Version 2.0.0
Dec. 11, 2015

Version 2 of SUM! Completely updated for v6.3.1 of Splunk with new dashboards and a ton of improvements. The following are a few changes that have been made to the app:
Removed support for Splunk 5.x
Improved accuracy of the Indexer Cluster Storage Calculator, added Total Number of Disks Required, and changed some labels
Added support for computing storage requirements of the Enterprise Security (ES) data models to the the Indexer Cluster Storage Calculator
Added a new panel to the Empirical Storage Calculator that assesses your current retention periods, data sizes, etc. by index and splunk server
Fixed multiple panels in Search Head User Logins/Logouts Dashboard
Added Drill-down and Search Head Utilization by User Dashboard
Reduced load time to populate form inputs
Added Splunk user account information to drill-down of Search Head Utilization by User Dashboard
Added result counts to Search Head

Version 1.7.0
Sept. 15, 2015

Added "Forwarder Reports" to navigation
Added "Splunk Forwarder Versions" under Forwarder Reports
Renamed "Storage Requirement Calculator" to "Empirical Storage Calculator"
Added "Indexer Cluster Storage Calculator" under Capacity Planning

Version 1.6.2
June 25, 2015

Added new drop-downs on the "License Usage Dashboard" dashboard on the "Total Usage Overview" panel

Version 1.6.1
June 24, 2015

Updated to comply with new app naming requirements

Version 1.6.0
June 24, 2015

Added "Splunk Server" drop-down filter to all Search Head dashboards
Added Icons
Changed Navigation Bar Color
Fixed "Search Head Utilization by App/View" Dashboard

Version 1.5.1
April 23, 2015

The "Search Head User Logins/Logouts" now works as intended with Splunk 6.2.x
Added "Client IP Address" to the "Search Head User Logins/Logouts" dashboard

Version 1.5.0
April 22, 2015

Updated navigation menus
Added new view for search head utilization by app/views
Added new view for scheduled PDF delivery errors
Added new panel to search head scheduler utilization view
Renamed user login/logout dashboard

Version 1.4.0
April 17, 2015

Renamed "Splunk User Activity" to "Seach Head Utlization"
Renamed "Splunk Capacity Planning" to "Capacity Planning"
Added "Search Head Scheduler Utilization" dashboard
Added "Total Run Time and Count of Scheduled Searches by App, User, Scheduled Search Name" panel
Added "Count of Scheduler Errors and Warnings" panel

Version 1.3.1
April 10, 2015

License Usage Dashboard now excludes rollover information

Version 1.3.0
April 2, 2015
Version 1.2.0
March 30, 2015

"Total License Usage" and "Total License Usage over Time (MB)" now use license_usage.log instead of metrics.log.

Version 1.1.0
March 25, 2015

Fixed percentage calculation for license usage and added several charts to the license utilization dashboard.

Version 1.0.0
March 24, 2015

SUM v1.0.0 currently supports only license utilization analysis and empirical storage requirement analysis. Future releases will contain additional features, dashboards, and reports.

Subscribe Share

Are you a developer?

As a Splunkbase app developer, you will have access to all Splunk development resources and receive a 10GB license to build an app that will help solve use cases for customers all over the world. Splunkbase has 1000+ apps from Splunk, our partners and our community. Find an app for most any data source and user need, or simply create your own with help from our developer portal.

Follow Us:
Splunk, Splunk>,Turn Data Into Doing, Data-to-Everything, and D2E are trademarks or registered trademarks of Splunk Inc. in the United States and other countries. All other brand names,product names,or trademarks belong to their respective owners.