All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How can Splunk help me manage the logs that are getting generated?

GranitGG
New Member
‎12-15-2022 08:39 AM

Hello there, My Company's web server is generating too many logs and it is overwhelming the system, I was wondering how can Splunk help me manage the logs that are getting generated, and get the least and most important logs 

Labels (2)
Labels
0 Karma
Reply

kainitz64
Explorer
‎12-16-2022 05:13 AM

hi,

too many logs / or too much logdata may come from your webserver setting.
possible your webserver logging is set to debug mode.

Check the logs & webserver setting first

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎12-16-2022 12:02 AM

Hi @GranitGG,

using Splunk you can take, index and use web server logs so you don't need to store them but you cannot reduce them, Splunk uses logs generated from the source, if it produces many logs, Splunk indexes them.

You can eventually filter them before indexing (in this way you consume less license) but in this way you lose some information.

Anyway, using Splunk you can search what you need in logs and highlight the contents you need.

Ciao.

Giuseppe

0 Karma
Reply

GranitGG
New Member
‎12-16-2022 04:17 AM

Thanks for the information Giuseppe, Can I have access to those features with Free Splunk, or should I get a paid version?

 

All the Best

Granit.

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎12-16-2022 05:20 AM

Hi @GranitGG,

Splunk Free has many limits as login or distributed searches, and so on, for more infos see at https://docs.splunk.com/Documentation/Splunk/9.0.2/Admin/TypesofSplunklicenses#Free_license and https://docs.splunk.com/Documentation/Splunk/9.0.2/Admin/MoreaboutSplunkFree 

But indexing, filtering and earching are features that you can use also on Splunk free.

The only limit is that you can index max 500 MB/day, if you exceed this limit for the third time Splunk searching feature is blocked.

And 500 MB/day are very few data!

I hint to contact your trusted Splunk Partner and ask him a trial license for a larger volume of data (e.g. 10 GB/day), use it for the trial period and then, if you like, buy it; I think that the free version of Splunk Enterprise for the limits I described.

Ciao.

Giuseppe

Reply
Get Updates on the Splunk Community!

Announcing Scheduled Export GA for Dashboard Studio

We're excited to announce the general availability of Scheduled Export for Dashboard Studio. Starting in ...

Extending Observability Content to Splunk Cloud

Watch Now!   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...