Hello Everyone,
My question is how I can calculate that which license is good for my operation.
I will be preparing reports, dashboard using Splunk from ORACLE database. I know that "For the full-featured version of Splunk Enterprise, pricing is based on the amount of data indexed PER DAY. No charges for the number of users. No charges for the number of CPUs or cores or nodes. No charges for data sources or data types. No charges for the number of searches or volume of data searched".
Now in this case how Splunk will treat this data, will it be indexed whole Oracle database which is of above 40 GB or it will index the data on the basis of my query ?
Hello
It is up to you, but probably you should use the tail method to index just new data (maybe with a first time dump). So basically you will index only new generated data, so you only need to care about the daily generated volume. How much grows your DB table every day?
More info:
http://docs.splunk.com/Documentation/DBX/latest/DeployDBX/Configuredatabasemonitoring
regards
Hello
It is up to you, but probably you should use the tail method to index just new data (maybe with a first time dump). So basically you will index only new generated data, so you only need to care about the daily generated volume. How much grows your DB table every day?
More info:
http://docs.splunk.com/Documentation/DBX/latest/DeployDBX/Configuredatabasemonitoring
regards
That should not be the way to do it. An Splunk admin should define the input (using tail method of db connect) to index the data needed. Then the reporting users will query the data already indexed in splunk, that wont generate any licensing cost. So the admin controls the index (and therefore the indexed volume and license) and the users just query the data, and should not be able to index new data.
Regards
Wow you are awesome!!:) Now I have some clarity.
If you can advise, let’s say I have 1 server and 10 SPLUNK users and all have rights to generate reports, prepare charts, dashboard on the basis of queries. What I understood, if any users fire a query SPLUNK will index the data on the basis of that query and side by side it will compare the output size with the licence limit, any time if it crosses the limit we will get a licence warning correct?
Here my question is what if all the users fires different queries and all have different output sizes then what..?
Yes, althougt you are allowed to index more than the limit 3 times in a 30 days window. So for the first dump, you could index all 40gb, get a license warning, and then only index the new daily data.
Thanks for the quick responce.Correct me if I am wrong lets say I have 10 GB Splunk enterprise license,and in splunk if I fire a query "select * from abc" .Here I need to care about that the output size should not more than 10 GB.Is that correct?