I just installed Splunk and so far I like it. The free license seems to suit our needs, however, I'm curious about the switch from the Enterprise trial to perpetual free. Right now I have Splunk indexing some of my servers' data. I added these by selecting "Settings>Add data" and selecting the monitor option. I then chose what I want to monitor (in this example, Windows event logs), and then I'm done.
My question is, since it appears "Monitoring and Alerts" aren't included in the free license, will I still be able to use this monitor source feature? Basically it sounds like once you convert to the free license, Splunk will no longer automatically grab the logs from remote servers, requiring you to update them manually via file upload.
Is this the case? If not, what is?
Thanks!
The monitor://
input remains, it's the cornerstone of Splunk data inputs. "Monitoring and Alerts" refers to scheduling searches to alert you of trouble, that's not included in Splunk Free.
The monitor://
input remains, it's the cornerstone of Splunk data inputs. "Monitoring and Alerts" refers to scheduling searches to alert you of trouble, that's not included in Splunk Free.
Ah okay perfect! I figured as much since the free version would be close to useless without it, but wanted to be sure before I spent the time configureing everything. Thank you!