DIY: Software Asset Management with the Splunk Enterprise Free Edition

I was once asked by a customer of mine if we could help with monitoring their software installs and usage. They had been a long-term customer of Splunk and been using it for multiple use cases already. The customer’s Splunk team knew there was a renewal coming up for a Software Asset Management software, and wondered if Splunk could solve this problem for them.

Definition: Software Asset Management, aka SAM, is a business practice that involves managing and optimizing the purchase, deployment, maintenance, utilization, and disposal of software applications within an organization.

Two main use cases of SAM

First of all, basic inventory (1) is required – that is, to find out if an organization is buying too many or too few licenses of common enterprise software, bearing high liability risks and can ultimately result in criminal charges. So it needs to be done right.

The second use is to optimize traditional on prem licenses and see if they are really being used (2). In case a end-user is not using a certain application for three months or longer - it might be possible to re-assign the license internally and gain additional efficiencies.

To prove this capability for the customer I outlined three questions that, if answered, would demonstrate how Splunk solves the Software Asset Management use cases on a single platform.

Getting Started

I have written a white paper in which you can find more information on the above mentioned questions, and details on the techniques you would use, including sample searches and dashboards to build them on your own. Steps are as follows:

• Get your copy of “Building your own Software Asset Management System with Splunk”

• Download Splunk Free with 500 MB of free daily indexing volume

• Check with the following search which host sends how many MB every day to adjust collection to your needs

                            index=_internal source=*license_usage.log type=Usage

                            | stats sum(b) as bytes by h

                            | eval MB = round(bytes/1024/1024,1)

                            | fields h MB

                            | rename h as host

If you don’t like to build it on your own and have it commercially supported - checkout our Partner uberAgent. They even do a nice auto-grouping of processes to applications if there are multiple versions. Here are some example outputs from the app that was built for my demo. You can easily do this your own:

When was the application last used?

Software Install Base Overview

Software Licensing Overview

Enjoy!

Johan