I'm looking into using Log Analyzer as an aggregate for all my alerts, events, snmp, wmi, vmware and such. I understand the max license is 1000 nodes, I have way more than that. Do I need another license for additional nodes or can I add more nodes to the one license at the cost of realtime polling. I dont mind if the aggregate updates every min rather than every second.
It is possible to license more than 1000 but you will need to ping your sales rep and ask to have a quick call with a Sales Engineer. They will discuss your environment and goals with you to validate that the larger node count won't create problems. The big issue is events per second so provided your logs from all sources combined don't significantly exceed 1000 events per second we should be able to help.
Making the aggregate updates every minutes will not significantly help you to reduce your logs. Anyhow security logs will combine all log events within a minute. There is no need for getting another license for adding additional nodes. The best way is to ping your customer care and have a quick discussion with sales team to whom you have contacted during purchase.
SolarWinds solutions are rooted in our deep connection to our user base in the THWACK® online community. More than 150,000 members are here to solve problems, share technology and best practices, and directly contribute to our product development process. Learn more today by joining now.