Monitoring Splunk
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

May I know how Splunk calculate license usage for Packet collections

nelson_ye
New Member
‎10-11-2017 11:56 PM

Hi All

I want to know how Splunk will calculate license usages for packets collection?
Currently what we are doing is setup monitor sessions on Cisco switches, and then monitor interested vlans' traffics to packet collectors.
For example, i have one packet capture device that have one NIC capturing packets, below are 24 hours collected pkts:
EM2:8749745734122 bytes = 1018GB

So will both those 1018 GB being calculated into license usage?

BR
Nelson

0 Karma
Reply

nelson_ye
New Member
‎10-13-2017 07:22 AM

Hi SSievert

Thanks for your answer, actually we are planning to deploy Splunk in our Environment, we are evaluating license status if it will be enough for current packet capturing. Currently we use another Security product that also can capturing packets and we write rules to do some security related alerts/incidents creation, and also dig out some potential risks in our environment. So besides logs, packet capturing and investigation is also very important for us.

We setup many Use cases that may index packet meta data, like clear text password finding, Botnet tracing and IOC detection, etc.

BR
Nelson

0 Karma
Reply

s2_splunk
Splunk Employee
Splunk Employee
‎10-12-2017 12:39 AM

Nelson,
this is well documented here.
Splunk license usage is based on the actual raw bytes written to disk during indexing in a 24hr period. If you index your packet captures into Splunk and the data represents 1018GB, this is what will be used in license usage calculation.

What is your use case for indexing pcap data...?

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

This puzzle (first published here) is based on matching timestamps to cron expressions.All the timestamps ...

Design, Compete, Win: Submit Your Best Splunk Dashboards for a .conf26 Pass

Hello Splunkers,  We’re excited to kick off a Splunk Dashboard contest! We know that dashboards are a primary ...

May 2026 Splunk Expert Sessions: Security & Observability

Level Up Your Operations: May 2026 Splunk Expert Sessions Whether you are refining your security posture or ...