Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Splunk Free License and Free Forwarding

ericmoss
Explorer
‎09-29-2010 12:38 PM

I recently downloaded Splunk. Right now, I am using the free license that came with Splunk software on three different servers. Is that ok? Or do I need a different free license for each instance of Splunk I have? If so, how do I get more free licenses?

I can also use forwarding with the free version of Splunk, correct? And how much data can I forward with the free version?

Reply
1 Solution
Solved! Jump to solution
Solution

Brian_Osburn
Builder
‎09-29-2010 12:58 PM

I'd suggest that you check out http://docs.splunk.com/Documentation/Splunk/latest/Admin/MoreaboutSplunkFree for a lot more details about the Free vs Enterprise.

But, to answer your specific questions:

  1. You can use the same free license, just remember you will have the limitations listed in the above link.
  2. Yes you can. There's an actual splunk-forwarder.license - you can rename that to splunk.license and you're set.
  3. It's not so much about the amount of data you can forwarder, it's the amount you index. The daily limit for indexing data is 500MB with a caveat. You can index as much as you want, but if you go over that limit 3 times in a 30 day period, searching will be disabled. For example, if you had 10gigs worth of data you wanted to index all at once, you can.

View solution in original post

Reply
Solved! Jump to solution

gerardo_maya
Splunk Employee
Splunk Employee
‎03-23-2012 09:37 AM

I found this link that talk about the features that you lost when use a Free license.

http://docs.splunk.com/Documentation/Splunk/4.3/Admin/TypesofSplunklicenses#Free_license

Reply
Solved! Jump to solution
Solution

Brian_Osburn
Builder
‎09-29-2010 12:58 PM

I'd suggest that you check out http://docs.splunk.com/Documentation/Splunk/latest/Admin/MoreaboutSplunkFree for a lot more details about the Free vs Enterprise.

But, to answer your specific questions:

  1. You can use the same free license, just remember you will have the limitations listed in the above link.
  2. Yes you can. There's an actual splunk-forwarder.license - you can rename that to splunk.license and you're set.
  3. It's not so much about the amount of data you can forwarder, it's the amount you index. The daily limit for indexing data is 500MB with a caveat. You can index as much as you want, but if you go over that limit 3 times in a 30 day period, searching will be disabled. For example, if you had 10gigs worth of data you wanted to index all at once, you can.
Reply
Solved! Jump to solution

gwcon
Path Finder
‎03-08-2020 12:35 AM

So i could index 50GB in a single time and not be limited as i only did it once ?
Suppose i do get limited i can search that data after my searching gets re-enabled ?
How long is searching disabled ?

0 Karma
Reply
Solved! Jump to solution

Lowell
Super Champion
‎09-29-2010 10:29 PM

You can only index 1 Mb a day locally. But in forwarder mode, you are forwarding all your data to another indexer, so nothing should be indexed locally, so the "1 MB limit" really doesn't limit you in any way.

Reply
Solved! Jump to solution

Brian_Osburn
Builder
‎09-29-2010 06:05 PM

I'd say no, otherwise I'd be in trouble since I forward gigs a day using the free license 🙂

0 Karma
Reply
Solved! Jump to solution

ericmoss
Explorer
‎09-29-2010 05:18 PM

Thanks for the help! The main issue I have with using the the forward license is that it says I can only forward up to 1 MB per day. Any truth to that?

0 Karma
Reply
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...