Splunk Service Pricing

faq

100% Security Incentive

Please note that the Security Incentive described below is, at the time of this writing, at 100% for entities under the Provost (possible caveats for externally funded entities). Please email splunk-support@illinois.edu for any questions or more information.

Basic Service

Daily Ingest in GB * $72 per month (see Security Incentive below)

Examples:

  • If your daily ingest is 500 MB, your basic service price will be $36/month.
  • If your daily ingest is 1 GB, your basic service price will be $72/month.

Included:

  • One or more indexes (as appropriate) for your log sources.
    • 90 days of retention (default) for any index
    • Unlimited hosts / log sources
  • Your own custom “team” or “project” app for developing searches, storing reports, alerts, dashboards, lookups, etc.
  • On-boarding service, including consultation for unique needs and basic “Getting Started” configuration. (Ingest, permissions, app creation, CIM compliance, etc.) 

Security Incentive

Security has an interest in helping units to meet Information Security Control Requirements that relate to remote (off-host) logging. (Reference IT 03.6.1 – 2 for networks; IT 04.6.1 – 2 for servers; and IT 07.6.1 for applications.) 

  • Security is offering to cover the daily ingest volume that is represented by log events that correspond to these controls. Since it can be difficult to determine what daily ingest volume directly corresponds to compliance-relevant data, Security is willing to cover a baseline of 10% of the volume of an index that contains any compliance-relevant content. Having Security cover a higher volume based on evidence from log analysis is available upon request. 

  • Upon request and at their discretion, Security may be willing to pay for retention beyond 90 days.  

Service Enhancements Available 

Storage for retention beyond 90 days 

  • Retention beyond 90 days is available in 30-day units. 

  • The cost for storage, as of this writing, is ~$0.89 for every 1 GB of storage per year (or $0.074 for every 1 GB per month).

  • Upon request and at their discretion, Security may be willing to pay for retention beyond 90 days.

Additional Storage for Non-Index Data

For the most part, storage for things like summary indexes, data models, lookup tables, etc. are covered in the basic service. Some use cases, however, may call for the generation of very large amounts of ancillary data. Accommodations can be made for those extreme use cases at a rate similar to storage for retention beyond 90 days.

Dedicated Search Head

The primary instance of Illinois Splunk Web (Search Head) is intended to meet the majority of use cases. While dedicated search heads are discouraged because of the increase in cost, labor, and environmental complexity, we understand that certain use cases may justify a dedicated search head. Meet with us to explore your use case and potential costs.

Consulting

For consultation needs beyond original on-boarding and basic support for service. Meet with us to explore hourly or “Service Unit” (Field Services) options.

Splunk at Illinois
Email: splunk-admin@illinois.edu
Log In