Splunk Enterprise Security

Enterprise Security license usage: How do you report/estimate the license volume that has been processed?

ikulcsar
Communicator

Hi,

Because of a license renewal/upgrade: is there any way to report/estimate the license volume processed by Enterprise Security?

Regards,
István

0 Karma
1 Solution

MuS
SplunkTrust

Hi ikulcsar,

This is not really related to Enterprise Security, but just a basic Splunk question. License usage is calculated the same with or without ES; it is based on the amount of raw data being indexed.

Read the docs about the LURV here http://docs.splunk.com/Documentation/Splunk/latest/Admin/LicenseUsageReportViewexamples

Hope this helps ...

cheers, MuS

0 Karma

ikulcsar
Communicator

Hi,

Thx for the reply. I am familiar with the Splunk Enterprise licensing.
We have security-related sources along with non-security ones. And there are some partial security and non-security sources.

After all, we don't wanna buy an ES license for all the Splunk Enterprise license; somehow we have to measure the log volume processed by ES.
Based on what I've been up to today, I guess there is no built-in solution for this, but maybe someone can help, so I asked.

Regards,
István

0 Karma

MuS
SplunkTrust

Well, you can have a look at the license usage by sourcetype based on the LURV to get the numbers.

But you will most likely have two problems:

  1. Your friendly Splunk sales will be hard to convince to go with this approach
  2. In case of an incident you will need every single bit of information that you could possibly get out of your systems, so limiting yourself in this regard is dangerous

Just my 2 cents 😉

cheers, MuS

0 Karma
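
The per-sourcetype split suggested above, as an added example that is not part of the original thread: it sums the `b` (bytes) field of `type=Usage` events from `license_usage.log` by sourcetype (`st`) and splits the total into ES-relevant and other volume. The `ES_SOURCETYPES` set and the sample log lines are constructed assumptions; replace them with your own sourcetype list and an export of your license master's log.

```python
import re
from collections import defaultdict

# Assumption: sourcetypes your ES deployment consumes (hypothetical list).
ES_SOURCETYPES = {"cisco:asa", "WinEventLog:Security", "pan:traffic"}

# Constructed sample lines shaped like license_usage.log events.
SAMPLE_LOG = '''\
05-01-2024 10:00:00.000 +0200 INFO  LicenseUsage - type=Usage s="udp:514" st="cisco:asa" h="fw01" o="" idx="network" i="GUID-PLACEHOLDER" pool="auto_generated_pool_enterprise" b=3221225472 poolsz=107374182400
05-01-2024 10:00:00.000 +0200 INFO  LicenseUsage - type=Usage s="WinEventLog:Security" st="WinEventLog:Security" h="dc01" o="" idx="wineventlog" i="GUID-PLACEHOLDER" pool="auto_generated_pool_enterprise" b=2147483648 poolsz=107374182400
05-01-2024 10:01:00.000 +0200 INFO  LicenseUsage - type=Usage s="udp:514" st="cisco:asa" h="fw02" o="" idx="network" i="GUID-PLACEHOLDER" pool="auto_generated_pool_enterprise" b=1073741824 poolsz=107374182400
05-01-2024 10:01:00.000 +0200 INFO  LicenseUsage - type=Usage s="/var/log/httpd/access_log" st="access_combined" h="web01" o="" idx="web" i="GUID-PLACEHOLDER" pool="auto_generated_pool_enterprise" b=5368709120 poolsz=107374182400
05-02-2024 00:00:00.000 +0200 INFO  LicenseUsage - type=RolloverSummary pool="auto_generated_pool_enterprise" b=11811160064 poolsz=107374182400
05-02-2024 00:01:00.000 +0200 INFO  LicenseUsage - type=Usage st="syslog" b=abc
'''

# key=value pairs; values are either double-quoted or a bare token.
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def parse_usage(line):
    """Return (sourcetype, bytes) for a type=Usage line, else None."""
    fields = {k: (q if q else u) for k, q, u in FIELD_RE.findall(line)}
    # Daily RolloverSummary events also carry b=, so filter on type.
    if fields.get("type") != "Usage" or "st" not in fields:
        return None
    try:
        return fields["st"], int(fields["b"])
    except (KeyError, ValueError):
        return None  # damaged line: skip rather than miscount

def usage_by_scope(lines, es_sourcetypes=ES_SOURCETYPES):
    """Sum bytes per sourcetype, then split into ES / non-ES totals."""
    per_st = defaultdict(int)
    for line in lines:
        parsed = parse_usage(line)
        if parsed:
            per_st[parsed[0]] += parsed[1]
    scope = {"es": 0, "non_es": 0}
    for st, nbytes in per_st.items():
        scope["es" if st in es_sourcetypes else "non_es"] += nbytes
    return dict(per_st), scope

if __name__ == "__main__":
    per_st, scope = usage_by_scope(SAMPLE_LOG.splitlines())
    for st, nbytes in sorted(per_st.items(), key=lambda kv: -kv[1]):
        tag = "ES" if st in ES_SOURCETYPES else "--"
        print(f"{tag}  {st:<24} {nbytes / 2**30:8.2f} GiB")
    print({k: round(v / 2**30, 2) for k, v in scope.items()})
```

Sourcetypes that feed ES only partially land wholly in one bucket here, so the split is an estimate, not an exact measurement.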

ikulcsar
Communicator

Yep, thx.

That's what I was afraid to do. I have to find out which source is ES relevant, which is not...

Thanks for your time and help.
Regards,
István

0 Karma