If I have to do a lot of processing to reduce my log volume, and then
go back to the raw logs in case I actually needed the data, is there
really a lot of benefit to using splunk in the first place?
On Fri, Apr 17, 2009 at 6:03 PM, Kon Wilms <konfoo@gmail.com> wrote:
> On Fri, Apr 17, 2009 at 5:07 PM, Gabriel Ramuglia <gabe@vtunnel.com> wrote:
>> I was able to use the wayback machine to find the most recent pricing
>> for splunk. It seems that 1gb / day license costs $10k and 10gb / day
>> of log volume is going to set you back $30k. Above that and you have
>> to ask them for pricing. That's really not going to work seeing as how
>> I'm doing more like 100gb / day. Their current website doesn't have
>> any prices at all and just asks that you contact their sales
>> department.
>
> The trick is to reduce your log volume. I use a number of parsers that
> filter and summarize logs before pushing them to the central NMS
> server and placing them into the splunk queue. Works perfectly and if
> there is a need to analyze a specific problem we can always go back to
> the machine with the source logs for further investigation.
>
> Cheers
> Kon
>
>