I love love love Splunk and especially SPL! It makes it so easy to generate very granular and detailed reports on large data-sets. But is there anything comparable for offline data? In the past I've used Excel and both its 'Data:Filter' function along with custom formulas. But that all seems so restrictive now, compared to SPL.
Any suggestions? (Aside from temporarily importing my offline data into Splunk which I cannot do for various reasons...)
You can install Splunk on the same computer that runs Excel. You'll still have to import the data, but at least it's still offline.
Interesting! What are the rules or restrictions around a 'personal' install? I've mostly used Splunk Cloud so I have limited experience doing local installs. It seems like a lot of work to configure, and after the initial 30-day(?) trial expires, what can or can't you do?
Also, btw, I found that I can duplicate a little of my SPL experience in Excel using the 'Text Filter' function. Still waaay more work than just writing a one-line SPL query but at least duplicates some of the power ...
Local installations are easy to configure - they require almost no effort. On Windows, you just download the installer and run it. Splunk will be configured to run automatically. There's little need to configure inputs until you need to load some data for a report and then it's done the same way you do it in Splunk Cloud.
Once the initial license expires, Splunk will revert to the Free license, which lets you ingest up to 500MB per day in a standalone system. This usually is good enough for an off-line test system. If you need more ingest, request a Dev license at dev.splunk.com. The Dev license allows you to ingest up to 10GB per day.
Here are some recent discussions about different Splunk license types. https://community.splunk.com/t5/Installation/Is-the-Free-license-for-home-lab-available/m-p/645024#M...
You should download the latest suitable OS version from splunk.com and then you have 60 days to decide which license option you would like to use.