Solved: How much license do I need if I'm using a heavy fo...

ibatalla · ‎03-20-2015

Hi guys,

I'm using a heavy forwarder to send data to a syslog server. If I don't send data to an indexer and only use the heavy forwarder to send to syslog, what is the license that I need?

thanks a lot.

satishsdange · ‎03-20-2015

There are 4 stages of Splunking -
1. Inputs - data is gathered from sources (files, network, servers, applications etc)
2. Parsing - data is analyzed, broken into events, metadata (such as timestamp, source type etc) is assigned, and (optional) raw data can be filtered or modified

3. Indexing - the data is written to permanent storage in Splunk
4. Searching - searches are run on the data stored in Splunk

Whatever volume of data is written to disk in stage 3, you should purchase that much license.

View solution in original post

satishsdange · ‎03-20-2015

There are 4 stages of Splunking -
1. Inputs - data is gathered from sources (files, network, servers, applications etc)
2. Parsing - data is analyzed, broken into events, metadata (such as timestamp, source type etc) is assigned, and (optional) raw data can be filtered or modified

3. Indexing - the data is written to permanent storage in Splunk
4. Searching - searches are run on the data stored in Splunk

Whatever volume of data is written to disk in stage 3, you should purchase that much license.

How much license do I need if I'm using a heavy forwarder to send data only to a syslog server, not to an indexer?

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics!

New in Observability Cloud - Explicit Bucket Histograms