enterprise licensing for huge static local data

nina15 · ‎10-13-2011

Does splunk need enterprise licensing for local data resource with a static but huge size (i.e. ~90GB) ?

nina15 · ‎10-16-2011

you have about 90GB that spunk has
never seen before

great way of clarification... thanks!

kdenton · ‎10-14-2011

Ayn is correct,

Think of a summary index as an index of data that has already been ingested.

So if I think about what you are doing above, you have about 90GB that spunk has never seen before, so with out an enterprise license you would be limited to 500MB per day.

nina15 · ‎10-13-2011

and then what the following means??

Note: Summary indexing volume is not
counted against your license.

source: splunk-license

Ayn · ‎10-14-2011

It means that any summary indexing you are doing will not be counted when the amount of indexed data is retrieved. If you don't know what summary indexing is, here is some information on it in the docs: docs.splunk.com/Documentation/Splunk/latest/Knowledge/Usesummaryindexing

kdenton · ‎10-13-2011

Slunk license is based on the amount you ingest in a 24 hour period, you get 500 mb per 24 hour per period.

Two solutions

One: chop the data into smaller chunks of 500 mb per day. Spunk will work just fine.

Two: License spline but for 90 GB would be a bit costly.

nina15 · ‎10-14-2011

feeding will reach the maximum limit as well, right?
i got the yellow warning saying it has exceeded..
I read in licensing info that if the warning exists it will be counted as a license violation, resulting to blocking of testing version of Splunk...

Ayn · ‎10-13-2011

Three: Feed it all to Splunk as lookups! 😄

enterprise licensing for huge static local data

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer at Splunk .conf24 ...

Share Your Ideas & Meet the Lantern team at .Conf! Plus All of This Month’s New ...

Combine Multiline Logs into a Single Event with SOCK: a Step-by-Step Guide for ...