Installation

When converting to the free license, do you lose the monitor data source ability?

mhill421
Engager

I just installed Splunk and so far I like it. The free license seems to suit our needs, however, I'm curious about the switch from the Enterprise trial to perpetual free. Right now I have Splunk indexing some of my servers' data. I added these by selecting "Settings>Add data" and selecting the monitor option. I then chose what I want to monitor (in this example, Windows event logs), and then I'm done.

My question is, since it appears "Monitoring and Alerts" aren't included in the free license, will I still be able to use this monitor source feature? Basically it sounds like once you convert to the free license, Splunk will no longer automatically grab the logs from remote servers, requiring you to update them manually via file upload.

Is this the case? If not, what is?

Thanks!

Labels (1)
0 Karma
1 Solution

martin_mueller
SplunkTrust
SplunkTrust

The monitor:// input remains, it's the cornerstone of Splunk data inputs. "Monitoring and Alerts" refers to scheduling searches to alert you of trouble, that's not included in Splunk Free.

View solution in original post

martin_mueller
SplunkTrust
SplunkTrust

The monitor:// input remains, it's the cornerstone of Splunk data inputs. "Monitoring and Alerts" refers to scheduling searches to alert you of trouble, that's not included in Splunk Free.

View solution in original post

mhill421
Engager

Ah okay perfect! I figured as much since the free version would be close to useless without it, but wanted to be sure before I spent the time configureing everything. Thank you!

0 Karma
.conf21 CFS Extended through 5/20!

Don't miss your chance
to share your Splunk
wisdom in-person or
virtually at .conf21!

Call for Speakers has
been extended through
Thursday, 5/20!