Hi all, Currently I am using the Splunk Free version. However, i would like to import the splunk bots dataset into the splunk server to . They are 6GB large.
According to splunk free documentation on https://docs.splunk.com/Documentation/Splunk/7.2.6/Admin/MoreaboutSplunkFree,
"Is Splunk Free for you?
Splunk Free is designed for personal, ad hoc search and visualization of IT data. You can use Splunk Free for ongoing indexing of small volumes (<500 MB/day) of data. Additionally, you can use it for short-term bulk-loading and analysis of larger data sets--Splunk Free lets you bulk-load much larger data sets up to 3 times within a 30 day period. This can be useful for forensic review of large data sets."
How do I use/activate the short term bulk loading? I tried to import the dataset via installing a app, but received the error message of maximum size is 500mb.
How did you input the log file? If you are uploading with Splunk WebUI, it is failing due to HTTP file transfer size limitation. It is not a license limitation.
When importing logs larger than 500MB, split the file so that one file is less than 500MB. Then try uploading from WebUI.