Splunk Search

Is there anything comparable to SPL for offline use?

ttovarzoll
Path Finder

I love love love Splunk and especially SPL! It makes it so easy to generate very granular and detailed reports on large data-sets. But is there anything comparable for offline data? In the past I've used Excel and both it's 'Data:Filter' function along with custom formulas. But that all seems so restrictive now, compared to SPL.

Any suggestions? (Aside from temporarily importing my offline data into Splunk which I cannot do for various reasons...)

Labels (1)
Tags (1)
0 Karma
1 Solution

richgalloway
SplunkTrust
SplunkTrust

You can install Splunk on the same computer that runs Excel.  You'll still have to import the data, but at least it's still offline.

---
If this reply helps you, Karma would be appreciated.

View solution in original post

richgalloway
SplunkTrust
SplunkTrust

You can install Splunk on the same computer that runs Excel.  You'll still have to import the data, but at least it's still offline.

---
If this reply helps you, Karma would be appreciated.

ttovarzoll
Path Finder

Interesting! What are the rules or restrictions around a 'personal' install? I've mostly used Splunk Cloud so I have limited experience doing local installs. It seems like a lot of work to configure, and after the initial 30-day(?) trial expires, what can or can't you do?

Also, btw, I found that I can duplicate a little of my SPL experience in Excel using the 'Text Filter' function. Still waaay more work then just writing a one-line SPL query but at least duplicates some of the power ...

0 Karma

richgalloway
SplunkTrust
SplunkTrust

Local installations are easy to configure - they require almost no effort.  On Windows, you just download the installer and run it.  Splunk will be configured to run automatically.  There's little need to configure inputs until you need to load some data for a report and then it's done the same way you do it in Splunk Cloud.

Once the initial license expires, Splunk will revert to the Free license, which lets you ingest up to 500MB per day in a standalone system . This usually is good enough for an off-line test system.  If you need more ingest, request a Dev license at dev.splunk.com.  The Dev license allows you to ingest up 10GB per day.

---
If this reply helps you, Karma would be appreciated.

isoutamo
SplunkTrust
SplunkTrust

Here are some recent discussions about different splunk license types. https://community.splunk.com/t5/Installation/Is-the-Free-license-for-home-lab-available/m-p/645024#M...
You should download latest suitable OS version from splunk.com and then you have 60 days to decide which license option you like to use.

Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...