Splunk Free- Exporting/Importing Data

CSReviews · ‎11-06-2023

Hello, I am looking to use Splunk free edition to teach students about searching through logs. I plan on setting up Splunk within a virtual environment, generating logs, and then exporting the data. Then having students install Splunk on their own machines and import the generated data.

On the free edition, it states "Are you planning to ingest a large (over 500 MB per day) data set only once, and then analyze it? The Splunk Free license lets you bulk load a much larger data sets up to 2 times within a 30 day period".

My question- What is the maximum data that can be imported at a single time? Although the virtual environment will be small, only a few workstations and servers, I am worried that the sample data sets I generate might be too large.

Thank you

gcusello · ‎11-06-2023

Hi @CSReviews ,

there isn't any limit to the volume of daily indexed data also in exceeding.

The only limit is that you can exceed the 500MB limit only two times in 30 solar days, otherwise you'll be in violation and searches will be blocked.

Remember that there's a Splunk License for students, for more infos see at https://www.splunk.com/en_us/about-us/splunk-pledge/academic-license-application.html?locale=en_us

Ciao.

Giuseppe

Splunk Free- Exporting/Importing Data

Other

Unleash Unified Security and Observability with Splunk Cloud Platform

Splunk AppDynamics with Cisco Secure Application

New Splunk Innovations Enhance Performance and Accelerate Troubleshooting