Reporting

Splunk Free License

nouraali
Explorer

Hi,

Hope you are fine.

Please note that I am currently using Splunk for self-learning. The enterprise trial license expired and now I am using the free trial.

I thought using the free trial would allow me to schedule searches as mentioned here , but in fact I am not able to schedule searches.

I really need to use this feature, for my training, before starting my new job.

Not sure what are the next steps to get this feature.

Please assist.

 

Best Regards,

Noura Ali

Labels (2)
0 Karma

nouraali
Explorer

Hi, 

Thanks for the clarification. But apart from the dev/test license, can i use the features below:

1- scheduled searches

I am not able to schedule searches; by clicking settings - > searches - > new search - > once it is created - > click on edit - > no schedule option in the drop down menu

2- summary index

I am not able to create summary indexes ; by clicking settings - > searches - > new search - > once it is created - > click on edit - > no summary index option in the drop down menu.

 

I would appreciate if you guided me how to try the mentioned features with free license. 

 

Best Regards,

Noura Ali 

0 Karma

Devan4Data
New Member

Hi Noura, 

The Splunk Free License is quite limited in functionality, but there might be a solution. 

Let's take a look at some of the limitations of the Splunk Free License that might be impacting your experience. 

  • Alerting (monitoring) is not available.
  • Restrictions on search, such as user quotas, maximum per-search time ranges, and search filters are not supported.
  • Report acceleration summaries are not available.
  • Any alerts you defined no longer trigger. You no longer receive alerts from Splunk software. 
  • You can still schedule searches to run for dashboards and summary indexing purposes.

As you can see, there are quite a few things that that might limit your ability to perform scheduled activities, but I suspect the last point is the one that you might be coming up against. 

The good news is that if your organisation is already a Splunk customer, Splunk offers a Developer License (exclusively for non-production use). There are a few restrictions, but scheduled searches and alerting should work just fine.

You can read more about the Dev/Test license here
You request a personalised Dev/Test license here

Hope this helps!

Regards,

Devan

www.4datasolutions.com

4Data_email_logo.png

0 Karma
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...

Best Practices: Splunk auto adjust pipeline queue

When you enable autoAdjustQueue in Splunk, maxSize should be understood as the queue size Splunk starts with ...

Request for Professional Development: Attending .conf26

Winning Over the Boss: Your Pass to .conf26 conf26 is going to be here before you know it. If don't already ...