May I know how Splunk calculate license usage for ...

nelson_ye · ‎10-11-2017

Hi All

I want to know how Splunk will calculate license usages for packets collection?
Currently what we are doing is setup monitor sessions on Cisco switches, and then monitor interested vlans' traffics to packet collectors.
For example, i have one packet capture device that have one NIC capturing packets, below are 24 hours collected pkts:
EM2:8749745734122 bytes = 1018GB

So will both those 1018 GB being calculated into license usage?

BR
Nelson

nelson_ye · ‎10-13-2017

Hi SSievert

Thanks for your answer, actually we are planning to deploy Splunk in our Environment, we are evaluating license status if it will be enough for current packet capturing. Currently we use another Security product that also can capturing packets and we write rules to do some security related alerts/incidents creation, and also dig out some potential risks in our environment. So besides logs, packet capturing and investigation is also very important for us.

We setup many Use cases that may index packet meta data, like clear text password finding, Botnet tracing and IOC detection, etc.

BR
Nelson

s2_splunk · ‎10-12-2017

Nelson,
this is well documented here.
Splunk license usage is based on the actual raw bytes written to disk during indexing in a 24hr period. If you index your packet captures into Splunk and the data represents 1018GB, this is what will be used in license usage calculation.

What is your use case for indexing pcap data...?

May I know how Splunk calculate license usage for Packet collections

Routing logs with Splunk OTel Collector for Kubernetes

Welcome to the Splunk Community!

Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM