Splunk Enterprise Security
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Enterprise Security license usage: How do you report/estimate the license volume that has been processed?

ikulcsar
Communicator
‎09-10-2018 04:56 AM

Hi,

Because of license renew/upgrade: is there any way to report/estimate the license volume processed by Enterprise Security?

Regards,
István

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

MuS
Legend
‎09-10-2018 01:15 PM

Hi ikulcsar,

This is not really related to Enterprise Security, but just a basic Splunk question. License usage is calculated the same with or without ES, it is based on the amount raw data being indexed.

Read the docs about the LURV here http://docs.splunk.com/Documentation/Splunk/latest/Admin/LicenseUsageReportViewexamples

Hope this helps ...

cheers, MuS

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

MuS
Legend
‎09-10-2018 01:15 PM

Hi ikulcsar,

This is not really related to Enterprise Security, but just a basic Splunk question. License usage is calculated the same with or without ES, it is based on the amount raw data being indexed.

Read the docs about the LURV here http://docs.splunk.com/Documentation/Splunk/latest/Admin/LicenseUsageReportViewexamples

Hope this helps ...

cheers, MuS

0 Karma
Reply
Solved! Jump to solution

ikulcsar
Communicator
‎09-11-2018 01:02 AM

Hi,

Thx for the reply. I familiar with the Splunk Enterprise licensing.
We have security related sources along with non-security ones. And there are some partial security and non -security sources.

After all, we don't wanna buy ES license for all the Splunk Enterprise license, somehow we have to measure the log volume processed by ES.
Based on what I've been up to today, I guess there is no built-in solution for this, but maybe someone can help, so I asked.

Regards,
István

0 Karma
Reply
Solved! Jump to solution

MuS
Legend
‎09-12-2018 03:14 PM

Well, you can have a look at the license usage by sourcetype based on the LURV to get the numbers.

But you will most likely have two problems:

  1. Your friendly Splunk sales will be hard to convince to go this approach
  2. In case of an incident you will need every single bit of information that you could possibly get out of your systems, so limiting yourself in this regard is dangerous

Just my 2 cents 😉

cheers, MuS

0 Karma
Reply
Solved! Jump to solution

ikulcsar
Communicator
‎09-13-2018 05:54 AM

Yep, thx.

That's what I was afraid to do. I have to find out which source is ES relevant, which is not...

Thanx for your time and help.
Regards,
István

0 Karma
Reply
Get Updates on the Splunk Community!

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...