Curious if anyone has a way to show splunk license utilization and cribl savings on the same chart?
Before I attempt this, curious if anyone has a way to show splunk license utilization and cribl savings on the same chart.
Answers
-
Got a couple different ways I've gone about it. I'll share some snaps below here. But feel free to reach out. Happy to help with whatever approach you take.
0 -
I've also got some spreadsheets to help calculate anyting around license costs/TCO and ROI, they are just graphically not as beautiful
0 -
on option is to leverage the cribl internal metrics src and route that data to metric index in splunk. then you can create splunk dashboard and show the cribl metrics data in/out alongside splunk internal metrics for license and data sizes
0 -
do you have any doc for exporting cribl internal data to splunk , is there any app in splunk for that ?
0 -
<@U029E00D31N> check out <https://docs.cribl.io/stream/sources-cribl-internal#configuring-cribl-internal-logsmetrics-as-a-datasource|Configuring internal metrics/logs as a source>. You would connect this source to Splunk the same way you do other sources, either via QuickConnect or in a routing table. Here is the full list of available https://docs.cribl.io/stream/internal-metrics/|metrics and lhttps://docs.cribl.io/stream/internal-logs|ogs. I'm not sure of any actual walkthroughs / setup guides or blogs for this but that's a great idea. Will look into it.
0 -
be aware though that the metrics may not match up exactly to what the Splunk license is measuring. Splunk ingest takes the size of _raw where Cribl does full event length. There are ways to measure _raw.length and send as metric to splunk. I'll look at some of my notes and get a better answer
0 -
i sent the metrics to grafana , but don't see any thing related to license , route , .. etc dashboard we have in the cribl
0
