Splunk Enterprise

Two separate licenses in one site

Yaron_Eilat
Engager

Hi,

I have a customer who has a 50GB Enterprise license on one network and he wants to add SIEM, but only for a separate network which has a measly 5GB of daily volume. He understandably feels very strongly about being forced to purchase an equivalent 50GB SIEM license when all he needs is 5GB and its even on a completely separate network. Is it possible to have a separate Enterprise + SIEM license for a second network on the same site?

I heard claims that is illegal as far as Splunk is concerned, is there a basis to those claims?

Thanks in advance for your responses.

Labels (1)
0 Karma
1 Solution

PickleRick
SplunkTrust
SplunkTrust

I wouldn't use words like "illegal", especially since legality may differ between countries but it all depends on your agreement with Splunk. By default you just buy a single Splunk Enterprise license for your organization and a Enterprise Security license which equals your SE size. If you have a specific need (like the necessity to have a two separate licenses because you have two completely unconnected sites which can't be handled by a single license manager), you have to talk with your local Partner/Splunk sales representative. This is a custom case and has to be treated as such. We can't know whether Splunk decides to grant such "license layout" or not.

View solution in original post

isoutamo
SplunkTrust
SplunkTrust

Hi

you can always ask that splunk split your enterprise license to 5 and 45GB license file. Then ask also 5GB ES license. Then just use separate LM where to put those two 5+5 files and use that for your SIEM instance. This will fulfill official requirements.

r. Ismo

0 Karma

PickleRick
SplunkTrust
SplunkTrust

I wouldn't use words like "illegal", especially since legality may differ between countries but it all depends on your agreement with Splunk. By default you just buy a single Splunk Enterprise license for your organization and a Enterprise Security license which equals your SE size. If you have a specific need (like the necessity to have a two separate licenses because you have two completely unconnected sites which can't be handled by a single license manager), you have to talk with your local Partner/Splunk sales representative. This is a custom case and has to be treated as such. We can't know whether Splunk decides to grant such "license layout" or not.

Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...