Splunk Enterprise Security

Enterprise Security license usage: How do you report/estimate the license volume that has been processed?

ikulcsar
Communicator

Hi,

Because of a license renewal/upgrade: is there any way to report/estimate the license volume processed by Enterprise Security?

Regards,
István

0 Karma
1 Solution

MuS
Legend

Hi ikulcsar,

This is not really related to Enterprise Security, but just a basic Splunk question. License usage is calculated the same with or without ES; it is based on the amount of raw data being indexed.

Read the docs about the LURV here: http://docs.splunk.com/Documentation/Splunk/latest/Admin/LicenseUsageReportViewexamples

Hope this helps ...

cheers, MuS

0 Karma

ikulcsar
Communicator

Hi,

Thx for the reply. I am familiar with the Splunk Enterprise licensing.
We have security related sources along with non-security ones. And there are some partial security and non-security sources.

After all, we don't wanna buy ES license for all the Splunk Enterprise license, somehow we have to measure the log volume processed by ES.
Based on what I've been up to today, I guess there is no built-in solution for this, but maybe someone can help, so I asked.

Regards,
István

0 Karma

MuS
Legend

Well, you can have a look at the license usage by sourcetype based on the LURV to get the numbers.

But you will most likely have two problems:

  1. Your friendly Splunk sales will be hard to convince to go with this approach
  2. In case of an incident you will need every single bit of information that you could possibly get out of your systems, so limiting yourself in this regard is dangerous

Just my 2 cents 😉

cheers, MuS

0 Karma

ikulcsar
Communicator

Yep, thx.

That's what I was afraid to do. I have to find out which source is ES relevant, which is not...

Thanx for your time and help.
Regards,
István

0 Karma
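
An added example, not part of the original thread and not Splunk's own tooling: a Python script that computes the per-sourcetype breakdown suggested above from `license_usage.log` `type=Usage` events (`b` is bytes, `st` is sourcetype) and groups it by ES relevance. The `ES_SCOPE` mapping, the sample log lines and the function names are assumptions made for illustration; sourcetypes missing from the mapping are reported as `unclassified` so they cannot silently fall out of the estimate.

```python
import re
from collections import defaultdict

# Hypothetical scoping of sourcetypes; replace with your own ES-relevance review.
ES_SCOPE = {"cisco:asa": "security", "linux_secure": "mixed", "app_debug": "non_security"}

# Constructed, simplified license_usage.log lines (not real data).
SAMPLE = """\
05-01-2024 10:00:00.000 +0000 INFO  LicenseUsage - type=Usage s="udp:514" st="cisco:asa" h="fw01" o="" idx="net" i="GUID" pool="pool1" b=3221225472 poolsz=107374182400
05-01-2024 10:00:00.000 +0000 INFO  LicenseUsage - type=Usage s="/var/log/app.log" st="app_debug" h="web01" o="" idx="app" i="GUID" pool="pool1" b=5368709120 poolsz=107374182400
05-01-2024 10:00:00.000 +0000 INFO  LicenseUsage - type=Usage s="/var/log/secure" st="linux_secure" h="web01" o="" idx="os" i="GUID" pool="pool1" b=1073741824 poolsz=107374182400
05-02-2024 10:00:00.000 +0000 INFO  LicenseUsage - type=Usage s="udp:514" st="cisco:asa" h="fw01" o="" idx="net" i="GUID" pool="pool1" b=1073741824 poolsz=107374182400
05-02-2024 10:00:00.000 +0000 INFO  LicenseUsage - type=RolloverSummary pool="pool1" b=99 poolsz=107374182400
05-02-2024 10:00:00.000 +0000 INFO  LicenseUsage - type=Usage s="tcp:9997" st="new_feed" h="gw01" o="" idx="app" i="GUID" pool="pool1" b=2147483648 poolsz=107374182400
"""

FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')  # key="quoted" or key=bare
GIB = 1024 ** 3


def parse_usage(line):
    """Return (day, sourcetype, bytes) for a type=Usage event, else None."""
    kv = {k: (q if q else u) for k, q, u in FIELD.findall(line)}
    if kv.get("type") != "Usage" or "b" not in kv:
        return None  # skip rollover summaries and anything without a byte count
    return line.split()[0], kv.get("st", ""), int(kv["b"])


def daily_gib_by_scope(log_text):
    """Average daily GiB per scope; unlisted sourcetypes land in 'unclassified'."""
    per_day = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        rec = parse_usage(line)
        if rec:
            day, st, b = rec
            per_day[day][ES_SCOPE.get(st, "unclassified")] += b
    totals = defaultdict(int)
    for scopes in per_day.values():
        for scope, b in scopes.items():
            totals[scope] += b
    # Divide by the number of days seen so quiet scopes are not overstated.
    return {s: round(b / GIB / len(per_day), 3) for s, b in totals.items()}


if __name__ == "__main__":
    for scope, gib in sorted(daily_gib_by_scope(SAMPLE).items()):
        print(f"{scope:14s} {gib:8.3f} GiB/day")
```

A non-zero `unclassified` figure means the mapping is incomplete, and the estimate should not be used for sizing until those sourcetypes have been reviewed.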