Splunk Enterprise
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to go about a PoC license with minimal ingestion?

danielbb
Motivator
‎05-16-2025 07:51 AM

We are creating a small cluster with minimal ingestions of around 2 GB a day on-prem. I wonder what would be the best way to approach the license, is the license per usage vs ingestion available for an on-prem environment? for something so small, does it make sense to switch and have it on the cloud?

Labels (2)
Tags (2)
0 Karma
Reply

PickleRick
SplunkTrust
SplunkTrust
‎05-16-2025 09:34 AM

It's a bit unclear what you need.

1. Usually if you want to check the product for yourself and just see what it can do you can use the trial license.

2. If you want a PoC you'd rather involve your local Splunk Partner because usually a PoC involves demonstrating that some real-life scenarios can be realized using product or some actual problems can be solved.

So it's best you simply contact one of your local friendly Splunk Partners and talk with them about a PoC or about getting a demo license for a short period of time.

Anyway, 2GB/day doesn't usually warrant a "cluster".

0 Karma
Reply

kiran_panchavat
SplunkTrust
SplunkTrust
‎05-16-2025 09:06 AM

@danielbb 

Since your ingestion is minimal (2 GB/day), and assuming you already have on-prem infrastructure:

  • Stick with on-prem if you want full control and already have the hardware.
  • Choose Ingest-Based Term Licensing for predictable costs and flexibility.
  • Consider Splunk Free (500 MB/day) for testing or very small-scale use.

If you're open to cloud and want to reduce operational overhead, Splunk Cloud with pay-as-you-go could be a cost-effective and low-maintenance alternative.

For such a small ingestion volume, Splunk Cloud might be worth considering if:

  • You want to avoid infrastructure management.
  • You prefer pay-as-you-go pricing 
  • You value scalability and ease of updates.

Pricing | Splunk

 If you need further assistance or a detailed quote, contact Splunk sales or a partner like SP6, and consider a free trial to validate your setup.
 
Did this help? If yes, please consider giving kudos, marking it as the solution, or commenting for clarification — your feedback keeps the community going!
0 Karma
Reply

livehybrid
SplunkTrust
SplunkTrust
‎05-16-2025 10:32 AM

Hi @kiran_panchavat 

$10/GB? Where are you seeing that?  That would be nice.  (Edit - I see you've now removed this and replaced it with other content)

Google suggests "Splunk typically costs between $1,800-$2,500 per GB/day for an annual license." but this is probably based on public pricing resources without any partner/volume discounts etc. 

For what its worth, I agree with @isoutamo that Splunk Cloud would be a good option here, I thought smallest was 50GB but if its only 5GB then the annual cost for this is probably less than the cost of someone building, running and maintaining a cluster on-prem! 

For what its worth - I did a conf talk in 2020 about moving to Cloud and the "cost" ("The effort, loss, or sacrifice necessary to achieve or obtain something") - TL;DR; Cloud was cheaper.

https://conf.splunk.com/files/2020/slides/PLA1180C.pdf#page=37

The Free version wont suffice for the PoC because it doesnt have the features required such as clustering, authentication etc etc.

Get in with Sales and they can help arrange a PoC license if they think you'll be looking to purchase a full license 🙂 https://www.splunk.com/en_us/talk-to-sales/pricing.html?expertCode=sales

🌟 Did this answer help you? If so, please consider:

  • Adding karma to show it was useful
  • Marking it as the solution if it resolved your issue
  • Commenting if you need any clarification

Your feedback encourages the volunteers in this community to continue contributing

 

 

Reply

isoutamo
SplunkTrust
SplunkTrust
‎05-16-2025 09:19 AM
Splunk free didn't contains needed feature for PoC!
The minimum is trial, but it has ingestion size limits and also it didn't contains e.g. remote LM feature.

One option is request developer license (could take some times to get) or contact to your local Splunk partner and asked trial from them for Onprem PoC.
0 Karma
Reply

isoutamo
SplunkTrust
SplunkTrust
‎05-16-2025 08:22 AM

Currently minimum licence for Cloud is 5GB and it's always for minimum one year. If you want to test with cloud you must use Splunk's free trial which is 14days and you cannot migrate/convert this to official stack after 14d period.

In onprem minimum license is 1GB/day. You could use it for single node or create even multisite cluster with it or anything between those options. With your ingested data amount there is no option to go svc based license in onprem even there is this splunk's offering. This needs much higher daily ingestion amount to be reasonable priced vs. ingestion based license.

Currently SCP (splunk cloud license) are quite nicely priced vs. onprem + hw/virtual capacity/management stuff needed for those so I definitely look SCP for production probably even earlier than 5GB daily base ingestion. Of course it depends on what kind of environment you have and how splunk will be managed there etc.

And of course you quite probably need some nodes (e.g. DS + IHF + DBX HF etc.) into onprem too?

Reply

livehybrid
SplunkTrust
SplunkTrust
‎05-16-2025 07:56 AM

Hi @danielbb 

I think from memory the minimum I've seen a Cloud stack is 50GB, however this is just based on a some of the smaller customers I have worked with. 

It is possible to get ingestion based licenses for on-premises which I believe go from 1GB in chunks, so you would be able to purchase a 2GB license.

I think your best option here is to speak to sales, if you dont have a contact go via https://www.splunk.com/en_us/talk-to-sales/pricing.html?expertCode=sales and tell them you wish to do a PoC etc, they should be able to provide you a proper license for the PoC versus the trial license available online.

Happy Splunking!

🌟 Did this answer help you? If so, please consider:

  • Adding karma to show it was useful
  • Marking it as the solution if it resolved your issue
  • Commenting if you need any clarification

Your feedback encourages the volunteers in this community to continue contributing

Reply
Get Updates on the Splunk Community!

Index This | What’s a riddle wrapped in an enigma?

September 2025 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this ...

BORE at .conf25

Boss Of Regular Expression (BORE) was an interactive session run again this year at .conf25 by the brilliant ...

OpenTelemetry for Legacy Apps? Yes, You Can!

This article is a follow-up to my previous article posted on the OpenTelemetry Blog, "Your Critical Legacy App ...