Installation
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to install Enterprise Security, licensing and data ingestion

termcap
Path Finder
‎03-16-2021 03:40 AM

If I want to buy a subscription for on premise Splunk Enterprise Security, what is the way to go about ?

Some Questions:

1. Is Enterprise Security just an app that is to be installed on Splunk Enterprise or is it a separate Splunk bundle all together ?

2. If I install Splunk Enterprise Security on Splunk Enterprise, will it use the data ingestion license of Splunk Enterprise or will I have to buy a separate ingestion license for Enterprise Security ?

3. Does Splunk Enterprise Security care about the daily ingestion limit or its a function of the underlying Splunk Enterprise installation ?

4. Can I deploy Splunk Enterprise Security as follows:

  1. Install Splunk Enterprise and apply a daily ingestion license of xGB/day.
  2. Buy subscription for Splunk Enterprise Security, download the app and install it on my Splunk Enterprise install.
  3. In case I need to increase the ingestion limit, buy the upgraded license and install it on the Splunk Enterprise ?

5. Can anyone point out a ballpark figure for the price of Splunk Enterprise Security ? 

Thanks,

Termcap

Labels (1)
Labels
Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

gcusello
SplunkTrust
SplunkTrust
‎03-16-2021 06:06 AM

Hi @termcap,

answering to your questions:

  1. No, buying 50 GBof Splunk and 50 GB of ES you haven't 100 GB you have 50 GB of Splunk and ES.
  2. Yes you have to upgrade both the products: Splunk Enterprise and ES;
  3. For my knowledge you cannot buy a different value for Splunk and ES;
  4. ES Installation requires a training on ES because it has some attentions to use in the installation process, e.g. differently to how you might think, the ES is not installed immediately after Splunk, but first all the TAs must be installed and then the ES.

Ciao.

Giuseppe

View solution in original post

0 Karma
Reply
Solved! Jump to solution

gcusello
SplunkTrust
SplunkTrust
‎03-16-2021 03:55 AM

Hi @termcap,

I try to answer to your questions:

  1. ES is a preimium App that you have to install on a Splunk Enterprise installation;
  2. You have to buy a license fo Splunk Enterpèrise and a license for ES, usually with the same dimension;
  3. ES is a Splunk Premium App, this means tha you are under the Splunk License agreement;
  4. Usually the license for ES is the same of Splunk Enterprise (in terms of dayly indexed data);
  5. For ES pricing, ask to your Splunk Sales, if you haven't you can ask to this URL https://www.splunk.com/en_us/software/pricing/cyber-security.html for an orientative idea, ES licensing is near the 50% of the Splunk Enterprise License, but it depends on many factors, so take care with this evaluation!

Beware that the ES installation isn't so immediate!

Ciao.

Giuseppe

Reply
Solved! Jump to solution

termcap
Path Finder
‎03-16-2021 05:24 AM

Thank you for the detailed reply @gcusello , can you please clarify further based on the following context.

Lets say I want to start with 50GB/day indexing limit, does this mean:

1. I have to buy a Splunk Enterprise License for 50GB/day and a Splunk Enterprise Security License for 50GB/day ? Will this mean that I have a total ingestion limit of 100GB/day ? 50GB for Splunk Enterprise and 50GB for Enterprise Security ?

2. If I want to now go from 50GB/day to 60GB/day, I need to buy additional 10GB/day for both Splunk Enterprise and Enterprise Security separately ?

3. Can I buy 50GB/day License for Splunk Enterprise and just 30GB/day License for Enterprise Security if I plan to use my Splunk setup for other purposes as well apart from Enterprise Security ? In this case I will only send ~ 30GB/day to Enterprise Security.

4. What do you mean when you say "Beware that the ES installation isn't so immediate!"

Thanks,

Termcap

0 Karma
Reply
Solved! Jump to solution
Solution

gcusello
SplunkTrust
SplunkTrust
‎03-16-2021 06:06 AM

Hi @termcap,

answering to your questions:

  1. No, buying 50 GBof Splunk and 50 GB of ES you haven't 100 GB you have 50 GB of Splunk and ES.
  2. Yes you have to upgrade both the products: Splunk Enterprise and ES;
  3. For my knowledge you cannot buy a different value for Splunk and ES;
  4. ES Installation requires a training on ES because it has some attentions to use in the installation process, e.g. differently to how you might think, the ES is not installed immediately after Splunk, but first all the TAs must be installed and then the ES.

Ciao.

Giuseppe

0 Karma
Reply
Get Updates on the Splunk Community!

New Case Study Shows the Value of Partnering with Splunk Academic Alliance

The University of Nevada, Las Vegas (UNLV) is another premier research institution helping to shape the next ...

How to Monitor Google Kubernetes Engine (GKE)

We’ve looked at how to integrate Kubernetes environments with Splunk Observability Cloud, but what about ...

Index This | How can you make 45 using only 4?

October 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this ...