Monitoring Splunk

May I know how Splunk calculate license usage for Packet collections

New Member

Hi All

I want to know how Splunk will calculate license usages for packets collection?
Currently what we are doing is setup monitor sessions on Cisco switches, and then monitor interested vlans' traffics to packet collectors.
For example, i have one packet capture device that have one NIC capturing packets, below are 24 hours collected pkts:
EM2:8749745734122 bytes = 1018GB

So will both those 1018 GB being calculated into license usage?

BR
Nelson

0 Karma

New Member

Hi SSievert

Thanks for your answer, actually we are planning to deploy Splunk in our Environment, we are evaluating license status if it will be enough for current packet capturing. Currently we use another Security product that also can capturing packets and we write rules to do some security related alerts/incidents creation, and also dig out some potential risks in our environment. So besides logs, packet capturing and investigation is also very important for us.

We setup many Use cases that may index packet meta data, like clear text password finding, Botnet tracing and IOC detection, etc.

BR
Nelson

0 Karma

Splunk Employee
Splunk Employee

Nelson,
this is well documented here.
Splunk license usage is based on the actual raw bytes written to disk during indexing in a 24hr period. If you index your packet captures into Splunk and the data represents 1018GB, this is what will be used in license usage calculation.

What is your use case for indexing pcap data...?

0 Karma
State of Splunk Careers

Access the Splunk Careers Report to see real data that shows how Splunk mastery increases your value and job satisfaction.

Find out what your skills are worth!