Solved: Splunk indexing question

webelieve1111 · ‎05-28-2013

Hi,
I am trying to estimate how much indexing I would need from my setup for Splunk and was wondering exactly how indexing is calculated. I know from documentation that there are 2 types of files: compressed data and index files. For Splunk Free, would both the compressed data and index files count towards the 500MB/day or would it just be the index files?

Thanks!

Gilberto_Castil · ‎05-28-2013

Splunk licensing is measured by the volume of data consumed in a daily basis. If you consume 500MB of raw data, then your license will count 500MB.

The licensing is not measured by the amount of data you keep stored with your Splunk instance.

View solution in original post

bmacias84 · ‎05-28-2013

If you are using the free version of Splunk you can only index 500mb per day. The 500MB per day consists of raw data defined within your inputs.conf files on your indexers and forwarders and excludes Splunk internal logs.

To estimate how much data you will be indexing look at how large the log files are and multiply by number of logs. Do that for each set of logs for a rough estimate.

If you want to calculate disk storage requirements read this: EstimateIndexSize

Hope this helps and gets you started. CHeers.

Gilberto_Castil · ‎05-28-2013

Splunk licensing is measured by the volume of data consumed in a daily basis. If you consume 500MB of raw data, then your license will count 500MB.

The licensing is not measured by the amount of data you keep stored with your Splunk instance.

Splunk indexing question

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Data Management Digest – May 2026

Index This | What is feather-light but cannot be held long?

.conf26 Registration is Live: Secure Your Early Bird Pass Now

Join the Conversation