Hi,
We have the new type (non-enforcing) license for Splunk Enterprise (v6.5.3, on-prem).
On http://docs.splunk.com/Documentation/Splunk/6.5.3/Admin/Shareperformancedata#Why_send_license_usage_... documentation says: "Certain license programs require that you report your license usage. "
What does it mean, what kind of program (= App?) requires this usage reports? Because of internal regulations, we should disable all of these outgoing reports.
Regards,
István
Hi ikulcsar!
Just to be clear, simply installing v6.5.x does not mean you have a non-enforcement license, I will assume you know that and that you have worked with your Splunk account team to actually secure a non-enforcement license. In that scenario, your account team will need to review your usage periodically to ensure you have the right license size for the data you are ingesting.
In 6.5.x Splunk provides our customers the chance to send data back to Splunk, both to help product enhancement, and to make license reporting easier for those with non-enforcement or enterprise agreements.
You are completely free to disable that ability and to not send anything to Splunk, however you will likely need to manually report the usage every so often, which is what air gapped environments generally choose to do.
Hi ikulcsar!
Just to be clear, simply installing v6.5.x does not mean you have a non-enforcement license, I will assume you know that and that you have worked with your Splunk account team to actually secure a non-enforcement license. In that scenario, your account team will need to review your usage periodically to ensure you have the right license size for the data you are ingesting.
In 6.5.x Splunk provides our customers the chance to send data back to Splunk, both to help product enhancement, and to make license reporting easier for those with non-enforcement or enterprise agreements.
You are completely free to disable that ability and to not send anything to Splunk, however you will likely need to manually report the usage every so often, which is what air gapped environments generally choose to do.
Dear mmodestino,
Thanks for your answer. Currently, I have only limited information about how the sales processes have been handled, maybe you can help me a little.
So, the old, enforced license will continue to be available, In fact, this is the default?
The new, non-enforced license can be received after some kind of negotiation?
The previously linked documentation not too verbose is there any other documentation on this topic? Or maybe can you provide me some answers?
Such questions arose:
1.) what kind of data collected - well, it looks good in the doc, but the more information is, the easier it is for internal approval
2.) where the data been sent: url/ip/port/protocol? We need to configure the firewalls. Is proxy supported?
3.) if we choose to send reports manually, where to upload?
4.) if we choose to send reports manually, what happens if we forget to upload for a period of time?
5.) if we choose to send reports manually, how often do I need to send it?
6.) what happens when a new (internal) regulation forbid to continue upload usage reports?
Kind regards,
István
"So, the old, enforced license will
continue to be available, In fact,
this is the default? The new,
non-enforced license can be received
after some kind of negotiation?"
Correct, you need to talk to your sales rep who will cut you a new license with the non-enforcement flag that you will stack on your existing license.
Such questions arose:
what kind of data collected - well, it
looks good in the doc, but the more
information is, the easier it is for
internal approval
The document is quite clear, including data samples and location of the log files where the info comes from. If you have further questions contact your account team who will, I'm sure, be happy to explore further with you in your environment. HINT: check out $SPLUNK_HOME/etc/apps/splunk_instrumentation
# the default schedule for running the scripted input is 3:05 AM daily.
# Please override this value in system/local/inputs.conf to specify custom schedule
[script://./bin/instrumentation.py]
interval = 5 3 * * *
index=_telemetry
passAuth = splunk-system-user
disabled=false
where the data been sent:
url/ip/port/protocol? We need to
configure the firewalls. Is proxy
supported?
It is sent back over SSL. Proxy is supported, yes.
I used Splunk Stream to capture the traffic. You would need to open *.api.splunkmobile.com:443
if we choose to send reports manually,
where to upload?
You will need to speak to your account rep to clarify what if any requirements will be asked of you.
if we choose to send reports manually,
what happens if we forget to upload
for a period of time?
We trust our customers and work on the honor system for much of our licensing enforcement. lol I am sure this won't be an issue for you and your account team.
if we choose to send reports manually,
how often do I need to send it?
Talk to your account team.
what happens when a new (internal)
regulation forbid to continue upload
usage reports?
Cross that bridge when you get there. Like I said, this is in place for the benefit of our customers, not to make things harder for you to manage Splunk. The no enforcement has been introduced because Splunk has become part of critical monitoring and reporting infrastructure in our client environments, and killing your ability to search due to massive spikes in data, when you may need us the most, is not a crowd pleaser.
Dear mmodestino,
Thank you very much for all of your help and replies.
Regards,
István