Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How can I estimate daily indexing volume for license requirements when adding more logging devices to our Splunk environment?

PHanton
New Member
‎12-17-2015 08:23 AM

Current looking at adding more devices to our Splunk Server and I would like to know how Splunk reads this data in regards to daily volume so I know if our License will still meet the additional logging?

If I have 16 GB daily logs on an Active Directory server, is Splunk going to see this as an additional 16 GB to the daily utilization, or is the data utilization measured after indexing and changing format?

0 Karma
Reply

dcarmack_splunk
Splunk Employee
Splunk Employee
‎12-17-2015 09:16 AM

What do you mean by changing format? Splunk does not change the format of the raw data.

License utilization is measured from the raw data, so if you consume 16GB of data on disk, the license utilization will be the same.

0 Karma
Reply
Get Updates on the Splunk Community!

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

Take a look below to explore our upcoming Community Office Hours, Tech Talks, and Webinars this month. This ...

They're back! Join the SplunkTrust and MVP at .conf24

With our highly anticipated annual conference, .conf, comes the fez-wearers you can trust! The SplunkTrust, as ...

Enterprise Security Content Update (ESCU) | New Releases

Last month, the Splunk Threat Research Team had two releases of new security content via the Enterprise ...