Join the Conversation
- Find Answers
- :
- Apps & Add-ons
- :
- All Apps and Add-ons
- :
- All Apps and Add-ons
- :
- Splunkit and indexing
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I installed Splunkit to help with troubleshooting slow searches. One of the items in the instructions say to index the generated 50 GB data. Will this step use up my license allocation?
Thanks in advance.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
According to the Install instructions:
(2) What did SplunkIt do to my Splunk server?
SplunkIt should be run on a clean Splunk instance, and after the test,
this Splunk instance can be deleted.
In other words, do not use a Splunk instance in-use to run SplunkIt if you
expect it restored to its previous state.
So per the above text, it will use whatever splunk license it is indexing on.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
According to the Install instructions:
(2) What did SplunkIt do to my Splunk server?
SplunkIt should be run on a clean Splunk instance, and after the test,
this Splunk instance can be deleted.
In other words, do not use a Splunk instance in-use to run SplunkIt if you
expect it restored to its previous state.
So per the above text, it will use whatever splunk license it is indexing on.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
you get so many warnings on your account, if this is just a one time thing then you would spike it for one day, it will not stop once hitting your indexing threshold. Then after 30 days the warning will go away. So if you want to use it once on one day, i don't see how that could hurt. As long as the instance you are using it on is a Dev or QA instance. I would not recommend using it on an instance that is in use by others for reporting etc.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thank you for the response. So I guess that means splunkit will not work for me.
Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!
Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.
Build the Future of Agentic AI: Join the Splunk Agentic Ops Hackathon
[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions
Splunk Community Badges!
