We have some new sources that we want to bring into Splunk, but are concerned about license utilization. Is there a way to estimate Splunk usage from a number of hosts without having to deltify each log for it’s per day growth and then summing that up? I guess what I’m looking for is something that I could dump the log to, like a nullQueue, but have it count how much data it would consume. This will help us plan for license growth as we bring new services on. Right now the proposed use case is a pretty big hadoop cluster, but I could also see us indexing application traces and errors for ruby on rails apps.
... View more