Deployment Architecture
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Need Information on Licensing Requirements for Splunk Clustering on Indexers

metmox1
Explorer
‎05-13-2022 07:37 AM

Hello Team,

We are willing to understand the approach and the licensing requirements in order to install Splunk ES on clustering on Indexers and Search Head. Will we need an identical license on both the clusters?

metmox1_0-1652452570259.png

Regards,

Vikram Chabra

Vikram@Metmox.com

Labels (1)
Labels
0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎05-13-2022 07:45 AM

All indexers should connect to the same License Manager.  There are no separate license requirements for ES.

---
If this reply helps you, Karma would be appreciated.
Reply

metmox1
Explorer
‎05-13-2022 07:47 AM

Thanks for the confirmation.

 

Can you please provide relevant document, for building Splunk ES server ground up with clustering on indexer and search head?

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎05-13-2022 08:00 AM

Hi @metmox1,

ES architecture and dimensioning isn't an easy job, I hint to engage a Splunk PS or at least a Splunk Architect with experience in ES architectures, because there are requirements and attention points different than Splunk Enterprise, (only for example: for Splunk Enterprise you use one Indexer to index until 200 GB, with ES until 100-150 GB.

Hardware requirements are described at https://docs.splunk.com/Documentation/ES/7.0.1/Install/DeploymentPlanning but as I said, it's mandatory to have training and experience on ES.

Ask to your reference Splunk Partner to help you; if you are a Splunk Partner ask to your managers to partecipate to a training (I did it!)

Ciao.

Giuseppe

0 Karma
Reply

metmox1
Explorer
‎05-13-2022 07:43 AM

Ok, so if we are implementing clustering across two distinct AWS availability zones on indexers, will we need 2 identical Splunk ES licenses?

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎05-13-2022 07:48 AM

Hi @metmox1,

if you have one cluster, that make data replication between the peers, you have to pay only one license (if you have a license for indexed logs).

It's different if you have two (or more) clusters that exchange logs between them: in each case you have to pay the total indexed logs, not also the replicated ones.

It's obviously different if you have a license for CPU.

My hint is to ask to your reference Splunk Partner or a Splunk Sales.

Ciao.

Giuseppe

 

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎05-13-2022 07:42 AM

Hi @metmox1,

Splunk license is countered on the daily indexed logs or the number of CPUs of Indexers, so Search Heads don't enter in the license calculation.

Ciao.

Giuseppe

Reply
Get Updates on the Splunk Community!

Archived Metrics Now Available for APAC and EMEA realms

We’re excited to announce the launch of Archived Metrics in Splunk Infrastructure Monitoring for our customers ...

Detecting Remote Code Executions With the Splunk Threat Research Team

WATCH NOWRemote code execution (RCE) vulnerabilities pose a significant risk to organizations. If exploited, ...

Enter the Dashboard Challenge and Watch the .conf24 Global Broadcast!

The Splunk Community Dashboard Challenge is still happening, and it's not too late to enter for the week of ...