Installation
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Metrics Licensing - What Classifies as an event?

tlscelsi
Engager
‎05-09-2019 07:30 PM

Hi all,

Just a quick question about licensing for metrics. I understand that there is a fixed size of 150 bytes for each event that gets indexed. What i was wondering was what is classified as an event. If i have raw data that comes in that looks like this:

Date=2019-05-10_02:24:12_+0000,collection=Network Interface,object=Network Interface,counter=Bytes Sent/sec,instance=veth32fe058,Value=0
Date=2019-05-10_02:24:12_+0000,collection=Network Interface,object=Network Interface,counter=Bytes Sent/sec,instance=vethab72d6b,Value=0
Date=2019-05-10_02:24:12_+0000,collection=Network Interface,object=Network Interface,counter=Bytes Sent/sec,instance=veth9713e61,Value=0
Date=2019-05-10_02:24:12_+0000,collection=Network Interface,object=Network Interface,counter=Bytes Sent/sec,instance=br-024d0abf8854,Value=0
Date=2019-05-10_02:24:12_+0000,collection=Network Interface,object=Network Interface,counter=Bytes Sent/sec,instance=eth0,Value=8253.44
Date=2019-05-10_02:24:12_+0000,collection=Network Interface,object=Network Interface,counter=Bytes Sent/sec,instance=veth0a123e0,Value=0
Date=2019-05-10_02:24:12_+0000,collection=Network Interface,object=Network Interface,counter=Bytes Sent/sec,instance=vethad472a8,Value=0
Date=2019-05-10_02:24:12_+0000,collection=Network Interface,object=Network Interface,counter=Bytes Sent/sec,instance=docker0,Value=0

That is then parsed so that each line becomes a data point within the metric index, does that mean i consume one set of 150 bytes from my license, or is it 150 bytes for each line that is parsed into the index? In this case there are 8 lines, does this mean i am charged 150 * 8 bytes from my license?

My current understanding is that this set of incoming data would corresponds to 8 150 byte chunks of license being charged. Am i correct?

Thanks in advance!!

Labels (1)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

richgalloway
SplunkTrust
SplunkTrust
‎05-09-2019 08:16 PM

You are correct. Each line is a separate event.

---
If this reply helps you, Karma would be appreciated.

View solution in original post

Reply
Solved! Jump to solution
Solution

richgalloway
SplunkTrust
SplunkTrust
‎05-09-2019 08:16 PM

You are correct. Each line is a separate event.

---
If this reply helps you, Karma would be appreciated.
Reply
Solved! Jump to solution

tlscelsi
Engager
‎05-12-2019 10:55 PM

Hey Rich,

Thanks for confirming my suspicions. As a follow up question, for instance if from each of those events I extracted TWO metrics, would that then count as 16 * 150bytes?

0 Karma
Reply
Solved! Jump to solution

richgalloway
SplunkTrust
SplunkTrust
‎05-13-2019 06:06 AM

Any given event in a metrics index can contain a single metric.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...