Solved: Splunk free - setting up a distributed environemen...

spluzer · ‎05-07-2021

Hey Splunksters,

My work environment is switching from Windows (large distributed enviro) to Linux pretty soon.

I'd like to get familiar with architecting in Linux so I had a couple of questions:

I'm wondering if I can simply spin up 3-5 aws linux vm's and use the free version of splunk to get familiar with the process of creating a distributed enviro (assigning a search head, 1 idx, maybe couple of forwarders and a deployment server using the free splunk???

Or, is the free splunk Enterprise only good for 1 download on 1 machine ??

Thanks!

harsmarvania57 · ‎05-07-2021

Hi,

Yes you can setup multiple VMs for different Splunk role with Splunk Entrprise (which has 500MB license for 60 days).

View solution in original post

harsmarvania57 · ‎05-07-2021

Hi,

Yes you can setup multiple VMs for different Splunk role with Splunk Entrprise (which has 500MB license for 60 days).

isoutamo · ‎05-07-2021

But you cannot use separate LM. Use local trial licenses in all nodes.

ragedsparrow · ‎05-07-2021

Greetings,

Splunk Free is only available for a single, stand-alone instance. You will be unable to build a distributed environment with a Splunk Free license.

ragedsparrow · ‎05-07-2021

However, as previously mentioned, you could use the Splunk Enterprise Trial license to do what you're wanting.

Splunk free - setting up a distributed environement (Search Head, 1 IDX, 1 UF, maybe a deployment server)

distributed search

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics!

New in Observability Cloud - Explicit Bucket Histograms