Monitoring Splunk

Database query into summary index counts as licensing usage ?

ruiaires
Path Finder

Using DB_Connect with dbquery command, if the search results are stored in a summary index, will this count towards the license usage ?

From the documentation, it seems that If summary commands are used (sitop, sirare, sistats, sichart, sitimechart and collect) and the sourcetype is not renamed (stash) it does not count for licensing.

1 Solution

jcoates_splunk
Splunk Employee
Splunk Employee

Hi,

No, it does not count towards license usage. If this becomes a problem, we may need to alter the app's license terms to tighten that up, though.

View solution in original post

jcoates_splunk
Splunk Employee
Splunk Employee

Hi,

No, it does not count towards license usage. If this becomes a problem, we may need to alter the app's license terms to tighten that up, though.

lukejadamec
Super Champion

Good question. Summary indexing does not count against licensing, ie, mining data that has already been indexed and storing the results in a new index.

If the dbquery command collects data directly from a database, and the splunk summary stats search commands can search those results and populate an index, then you may have found a way around licensing. Hard to believe tho, the licensing code is pretty well baked in.
Have you tested it? It should be easy enough to test.

0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...