Splunk Enterprise
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Are _SYSLOG_ROUTING and _TCP_ROUTING dest_keys on the transform.conf consume Splunk license ?

Zanusha443
Explorer
‎10-04-2023 02:31 AM

Hi,

I am sending logs without indexing on Splunk to another product by using the "SYSLOG_ROUTING" DEST_KEY on the transform.conf file.

Looking at the documentation of "How Splunk licensing works",  it says: "When ingesting event data, the measured data volume is based on the raw data that is placed into the indexing pipeline."

By looking on the monitor console I realized that the indexer pipeline is made by: syslog out, tcp out and indexer lines, so it seems that by using syslog_routing dest key I could also consume Splunk license.
Can you confirm this?

Kind Regards,

Angelo 

 

 

are those

Labels (2)
Tags (2)
0 Karma
Reply

isoutamo
SplunkTrust
SplunkTrust
‎10-04-2023 03:58 PM

Hi

if you are not stored anything on local disk/indexer then it’s not counted towards your license usage. Based on your scenario, I& I understand right you are forwarding all events to the next host (indexers): then it’s not counted on your license onHF level.. 

r. Ismo

0 Karma
Reply
Get Updates on the Splunk Community!

Upcoming Webinar: Unmasking Insider Threats with Slunk Enterprise Security’s UEBA

Join us on Wed, Dec 10. at 10AM PST / 1PM EST for a live webinar and demo with Splunk experts! Discover how ...

.conf25 technical session recap of Observability for Gen AI: Monitoring LLM ...

If you’re unfamiliar, .conf is Splunk’s premier event where the Splunk community, customers, partners, and ...

A Season of Skills: New Splunk Courses to Light Up Your Learning Journey

There’s something special about this time of year—maybe it’s the glow of the holidays, maybe it’s the ...