Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How do I use/activate the short term bulk loading using the Splunk free version?

yihan
New Member
‎06-01-2019 08:19 PM

Hi all, Currently I am using the Splunk Free version. However, i would like to import the splunk bots dataset into the splunk server to . They are 6GB large.

According to splunk free documentation on https://docs.splunk.com/Documentation/Splunk/7.2.6/Admin/MoreaboutSplunkFree,

"Is Splunk Free for you?
Splunk Free is designed for personal, ad hoc search and visualization of IT data. You can use Splunk Free for ongoing indexing of small volumes (<500 MB/day) of data. Additionally, you can use it for short-term bulk-loading and analysis of larger data sets--Splunk Free lets you bulk-load much larger data sets up to 3 times within a 30 day period. This can be useful for forensic review of large data sets."

How do I use/activate the short term bulk loading? I tried to import the dataset via installing a app, but received the error message of maximum size is 500mb.

0 Karma
Reply

soskaykakehi
Path Finder
‎06-02-2019 05:30 AM

Hi @yihan

How did you input the log file? If you are uploading with Splunk WebUI, it is failing due to HTTP file transfer size limitation. It is not a license limitation.

When importing logs larger than 500MB, split the file so that one file is less than 500MB. Then try uploading from WebUI.

0 Karma
Reply

soskaykakehi
Path Finder
‎06-02-2019 05:32 AM

Other option is using input monitor or oneshot command.

0 Karma
Reply

DavidHourani
Super Champion
‎06-02-2019 05:18 AM

Hi @yihan, what do you mean tried importing the dataset via installing an app ? Did you setup a monitor on the required files via inputs.conf or GUI ?

0 Karma
Reply

yihan
New Member
‎06-02-2019 08:20 AM

The dataset given from splunk for Bots SOC is given as an app to import: https://github.com/splunk/botsv1

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Enterprise Security: Your Command Center for PCI DSS Compliance

Every security professional knows the drill. The PCI DSS audit is approaching, and suddenly everyone's asking ...

Developer Spotlight with Guilhem Marchand

From Splunk Engineer to Founder: The Journey Behind TrackMe    After spending over 12 years working full time ...

Cisco Catalyst Center Meets Splunk ITSI: From 'Payments Are Down' to Root Cause in ...

The Problem: When Networks and Services Don't Talk Payment systems fail at a retail location. Customers are ...