How can Splunk help me manage the logs that are getting generated?

GranitGG
New Member

Hello there, my company's web server is generating too many logs and it is overwhelming the system. I was wondering how Splunk can help me manage the logs that are getting generated, and get the least and most important logs.

0 Karma

kainitz64
Explorer

Hi,

Too many logs, or too much log data, may come from your web server setting.
Possibly your web server logging is set to debug mode.

Check the logs and web server setting first.

0 Karma

gcusello
SplunkTrust

Hi @GranitGG,

Using Splunk you can take, index and use web server logs, so you don't need to store them, but you cannot reduce them: Splunk uses the logs generated by the source, and if it produces many logs, Splunk indexes them.

You can eventually filter them before indexing (in this way you consume less license) but in this way you lose some information.

Anyway, using Splunk you can search what you need in logs and highlight the contents you need.

Ciao.

Giuseppe

0 Karma
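One way to do the pre-index filtering mentioned in the reply above, as an added example that is not part of the original posts: events matching a transform are routed to `nullQueue` and never indexed. The sourcetype names and regexes are assumptions for Apache-style access and error logs; adjust them to your own data.

```ini
# --- props.conf ---
# Must live where the data is parsed (indexer or heavy forwarder),
# not on a universal forwarder.
# Sourcetype names below are assumptions; use the ones assigned to your logs.
[access_combined]
TRANSFORMS-drop_noise = drop_static_ok

[apache_error]
TRANSFORMS-drop_noise = drop_debug

# --- transforms.conf ---
# Drop only successful (2xx/304) GET requests for static assets.
# 4xx/5xx responses and all other methods (POST, PUT, ...) are still
# indexed, so failed and unusual requests remain searchable.
[drop_static_ok]
REGEX = "GET\s+\S+\.(?:css|js|png|jpe?g|gif|ico|svg|woff2?)(?:\?\S*)?\s+HTTP/[\d.]+"\s+(?:2\d\d|304)\s
DEST_KEY = queue
FORMAT = nullQueue

# Drop debug-level lines from the error log, e.g. "[core:debug]" or "[debug]".
# Warnings and errors do not match and are kept.
[drop_debug]
REGEX = \[(?:\w+:)?debug\]
DEST_KEY = queue
FORMAT = nullQueue
```

Dropped events cannot be recovered later, so keep the patterns narrow and leave error responses and authentication-related requests in the index.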

GranitGG
New Member

Thanks for the information, Giuseppe. Can I have access to those features with Free Splunk, or should I get a paid version?

All the Best

Granit.

0 Karma

gcusello
SplunkTrust

Hi @GranitGG,

Splunk Free has many limits, such as login or distributed searches, and so on; for more information see https://docs.splunk.com/Documentation/Splunk/9.0.2/Admin/TypesofSplunklicenses#Free_license and https://docs.splunk.com/Documentation/Splunk/9.0.2/Admin/MoreaboutSplunkFree

But indexing, filtering and searching are features that you can also use on Splunk Free.

The only limit is that you can index a maximum of 500 MB/day; if you exceed this limit for the third time, the Splunk search feature is blocked.

And 500 MB/day is very little data!

I suggest you contact your trusted Splunk Partner and ask him for a trial license for a larger volume of data (e.g. 10 GB/day), use it for the trial period and then, if you like it, buy it; I think that the free version of Splunk Enterprise for the limits I described.

Ciao.

Giuseppe
