How do I export logs that were sent to Splunk Ligh...

walderbachj1 · ‎09-16-2016

We allowed our Splunk Light license to expire and moved to another logging solution. We would like to export the data Splunk has collected over the past year into something we can either import or at least read with a text editor or pipe into a tail command. I've seen other answers like this one: https://answers.splunk.com/answers/43442/how-to-export-logs-to-excel-or-text-file.html?utm_source=ty...

However, we cannot do any searches as it says we have exceeded our license. We have nothing sending logs to Splunk Light, but the customer service person I just spoke to basically said unless we pay for a license, all that data is locked away.

Are there any ways around this? I'm not telling my CTO to pay 5 grand just so we can access our own logs. Again, I'm not looking to cheat the indexing system, I just want to take my ball and go home.

ddrillic · ‎09-16-2016

Maybe the following can help - How do I Upgrade Splunk Light (free) to Splunk Enterprise (free, and then ultimately paid)?

It says -

walderbachj1 · ‎09-19-2016

I tried this but after install, the webUI just asks me to purchase a license and gives me less access than I had before. At least before I could see all the devices it had been collecting from and dates of last received data.

How do I export logs that were sent to Splunk Light?

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?