Splunk Enterprise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Splunk Light Does not Show added data.

varunbiswas
New Member
‎05-06-2016 07:31 AM

HI Team,

We are evaluating Splunk Light for a small customer requirement.
We recently added a directory with about 900+ files and stands at about 8 GB. The Data Input is showing all the files
alt text

The free download features says Splunk Light can ingest upto 20 GB of data.
I still only see 5 Sources and 4 Source types after I added the directory to Splunk Light.
alt text

Why is this? How can we solve this?

Regards,
Varun

Tags (1)
Preview file
1 KB
Preview file
1 KB
0 Karma
Reply

rbittner_splunk
Splunk Employee
Splunk Employee
‎05-06-2016 06:04 PM

Well it looks like you ingest 10MB on Monday the 26th (or thereabouts) and it looks like from your earlier screen shot that you have 983 files ingested. So it looks like you have ingested your data. Have you tried searching for an event in one of the files?

0 Karma
Reply

rbittner_splunk
Splunk Employee
Splunk Employee
‎05-06-2016 05:47 PM

Splunk is licensed based on the maximum amount of data you index per day and the best way to understand your license usage is to look at the licensing page. The free version allows up to 500MB per day (you can go over this limit a certain amount of times in a 30 day window), you can buy licenses in various increments (1GB, 2GB, 5GB, 10GB, 15GB and 20GB) to suit the amount of data you index on a daily basis. The newest trial version of Splunk Light gives you 5GB for 30 days to help you better understand what volume you should expect.

To answer your question about number of files, it looks like from your first screen shot you have 983 files being indexed from /ServerLogs. Those files are grouped into 5 sources and 4 source types. Select Host (1) and click on the link. Splunk Light should then list all of the log events collected from your system and verify that all your data is being collected.

Reply

jterry
Splunk Employee
Splunk Employee
‎05-06-2016 01:10 PM

Splunk Light has a current maximum ingestion rate of 20g/day. The free & trial versions are limited by license to something less than that.
Go to the license page by way of the side-nav menu to see what you're currently licensed for.

0 Karma
Reply

varunbiswas
New Member
‎05-06-2016 01:16 PM

Hi,

The daily volume max is 5 GB/day.
alt text

In that case too, should I be able to ingest at max 5 GB and the rest of the 5 GB can be ingested the next day?

That too is not happening.

Preview file
1 KB
0 Karma
Reply
Don’t Miss Global Splunk
User Groups Week!

Free LIVE events worldwide 2/8-2/12
Connect, learn, and collect rad prizes
and swag!