- Tom Kopchak
- Dec 01, 2017
- Tested on Splunk Version: N/A
Knowing how your Splunk license is being used is a critical part of gaining value from your Splunk instance. In this tutorial, Tom will show you what you need to do in your Splunk Enterprise installation in order to understand what’s going on with your license usage and how to investigate any violations that may arise.
If you are using too much of your license, which means taking on an unnecessary expense, it's a good idea to determine what data you are actually using and eliminate that which you are not. If you’re using too little, this is a good indication that Splunk is being underutilized and you should figure out what data is necessary to gain the maximum effectiveness from Splunk. Ultimately, knowing exactly where you are, and understanding which data and source types are important, will help you make better decisions with Splunk.
Also, feel free to check out the splunk> docs article for more details on how Splunk Enterprise licensing works.
In this tutorial Tom will show you what you need to do in your Splunk Enterprise installation to gain a better understanding of Splunk license overage violations you might come across and what you should do to investigate these warnings.
Hopefully this tutorial will increase your understanding of Splunk license usage and drill down into some strategies that will make Splunk more valuable to you. If you have any further questions or comments, feel free to touch base with us on Twitter (@hurricanelabs), or if you're looking for more ways to get the most out Splunk find out how we can help.
If you're looking for something different than the typical "one-size-fits-all" security mentality, you've come to the right place.