Hello there, my company's web server is generating too many logs and it is overwhelming the system. I was wondering how Splunk can help me manage the logs that are being generated, and get the least and most important logs.
Hi,
too many logs or too much log data may come from your web server settings.
Possibly your web server logging is set to debug mode.
Check the logs and web server settings first.
Hi @GranitGG,
Using Splunk you can take, index and use web server logs, so you don't need to store them, but you cannot reduce them: Splunk uses the logs generated by the source, and if it produces many logs, Splunk indexes them.
You can eventually filter them before indexing (in this way you consume less license) but in this way you lose some information.
Anyway, using Splunk you can search what you need in logs and highlight the contents you need.
Ciao.
Giuseppe
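The filtering before indexing mentioned in this answer is done in Splunk by routing unwanted events to the null queue; the following is an added example, not part of the original thread. The sourcetype `access_combined`, the stanza names and the `/healthz` path are assumptions to adapt to your own data.

```ini
# props.conf (on the indexer or heavy forwarder that parses the data)
# Assumption: the web server logs arrive with sourcetype access_combined.
[access_combined]
TRANSFORMS-drop_noise = drop_static_ok, drop_healthcheck

# transforms.conf (same instance)
# Drop successful (200/304) GET requests for static assets.
[drop_static_ok]
REGEX = "GET\s+\S+\.(?:css|js|png|jpe?g|gif|ico|woff2?)(?:\?\S*)?\s+HTTP/[\d.]+"\s+(?:200|304)\s
DEST_KEY = queue
FORMAT = nullQueue

# Drop load-balancer health probes; /healthz is a placeholder path.
[drop_healthcheck]
REGEX = "GET\s+/healthz\s+HTTP/[\d.]+"\s+200\s
DEST_KEY = queue
FORMAT = nullQueue
```

Requests with error status codes and all non-GET requests still reach the index, so the events most useful for investigating a problem are kept.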
Thanks for the information, Giuseppe. Can I have access to those features with Free Splunk, or should I get a paid version?
All the best,
Granit.
Hi @GranitGG,
Splunk Free has many limits, such as login or distributed searches, and so on; for more info see https://docs.splunk.com/Documentation/Splunk/9.0.2/Admin/TypesofSplunklicenses#Free_license and https://docs.splunk.com/Documentation/Splunk/9.0.2/Admin/MoreaboutSplunkFree
But indexing, filtering and searching are features that you can also use on Splunk Free.
The only limit is that you can index a maximum of 500 MB/day; if you exceed this limit for the third time, the Splunk searching feature is blocked.
And 500 MB/day is very little data!
I suggest contacting your trusted Splunk Partner and asking him for a trial license for a larger volume of data (e.g. 10 GB/day), using it for the trial period and then, if you like, buying it; I think that the free version of Splunk Enterprise for the limits I described.
Ciao.
Giuseppe