Hello Splunkers,
My sole intention is to only view events if they are fetched appropriately from UFs or not, as a part of testing after deploying any TA through DS.
I don't need any clustering with indexers or distributed search head.
I'm thinking to provision test server and install Splunk enterprise with personalized dev test license, and place it within prod servers network, for testing, debugging.
Will this suffice my need, how reliable it would be to use personalized dev test license for such testing or development monitoring purpose?
Will this decision be reliable for a longer tem, considering I renew license every 6 months?
What can be other factors I need to understand.
I'm trying to find alternative instead of extending our prod license, since we don't have large prod license.
Any suggestions would be appreciated to help me to take my decision over this part
I think that for this use case, you can use the Splunk Enterprise trial license available in a variety of deployment factors to satisfy your requirements. This includes a simple virtual machine, AWS AMI, docker images, etc. The trial license supports all features that you describe and past versions are available as well.
https://www.splunk.com/en_us/download/splunk-enterprise.html
https://splunk.github.io/docker-splunk/
https://aws.amazon.com/marketplace/pp/Splunk-Inc-Splunk-Enterprise/B00PUXWXNE