The Current usage relative to license section gives you an indication of your usage at the current moment and whether you are going above or below your contracted values.

If you're exceeding your contract, the panel will indicate this with a warning.

The calculations displayed on this page do not apply to Falcon Long Term Repository. For information on your Falcon Long Term Repository license usage, please refer to the Usage Reports page in the Falcon documentation.

Figure 20. Current Usage

In the Ingest over time chart, you can get an overview of ingestion within a selected time period.

Average ingest per day is calculated as a 30-day moving average. This means, for example, that the value shown for the 15th of July is the average daily ingest in the period 15th of June to 15th of July. This is to allow for spikes in ingest.

The ingest chart also shows the license limit, and an indication for which periods the rolling average has passed the limit.

Figure 21. Ingest Over Time With Spikes Example

You can select a single date, which will update the data shown in the repository table.

In the Stored data over time chart, you can get an overview of the storage usage within a selected time period.

The storage chart will also show the license limit and indicate for which periods the storage has passed the limit.

Figure 22. Stored data Over Time

As was the case for the ingest chart, you can select a single date, which will update the data shown in the repository table.

For both ingest and stored data, you can get an overview of the usage data based on the repositories that the data is in.

The data shown in the table correlates with the selected year, month and day from the chart.

In the table, you are able to search for specific repositories and sort based on name and value to get a better idea of which repositories have the most or least usage.

From the table, you can navigate to each repository or run a usage query in humio-organization-usage, which will show logs for that particular repository (#repo=NAME_OF_REPO.).

Figure 23. Repository Table

Ingested data is the amount of data in bytes after it was parsed in LogScale.

Stored data is the amount of data that you have stored in LogScale, in bytes.

Scanned data is the amount of data that was searched through when running queries. Every time a query runs, LogScale measures the amount of data it needs to look into to answer the query.

The number of users your contract limits you to, if any.

LogScale logs data volumes in multiple repositories. Use them to run audits to see how much data you ingest, which repositories it went to, and how much you are storing.