Reducing Your Splunk License Usage
In a perfect world, we would each be able to collect every byte of data from all of our systems and store it forever on free infrastructure that requires absolutely no maintenance and is easily accessible and completely secure. Unfortunately here on Planet Earth, we are commonly forced to optimize our systems along a cost-benefit curve – proving the value of the data we collect is worth more than the cost of the infrastructure, licensing, and maintenance.
For most organizations, Splunk has no trouble demonstrating its worth year after year but even your local office Splunk addict wants to be sure they’re getting the most bang for their buck before asking for a license increase at the yearly budget meeting. According to Splunk’s pricing guide, with a 100 GB/day term license, you’re paying $600/year per GB/day of ingestion – not to mention the cost of the infrastructure required to manage this load.
Before starting a discussion about renewing an over-sized Splunk license or purchasing additional license capacity, take the time to verify you’re making the most of the license you have. In this article, we’ll explore ways you can trim the fat from your Splunk license consumption and better align your Splunk usage with your organization’s strategic goals.
Here are some of the strategies that will be discussed in this article:
- Eliminating completely useless data
- Focusing on your key use case
- Fine-tuning your key data sources