I am sorry to hear that. Maybe if I find the time, I'll write an app that will do what I intended (if possible). Thank you for your time. If you post a summary of this as answer, I'll mark it as the solution. ... View more

As I tried to explain above: I do not intend to do anything with the data in Splunk, I therefore don't want to index it. I also hope that, at the core, Splunk makes a difference between indexing and storing, because they are completely different things. The non-splunk solution would be the hard drive, where I'd be happy to have the logs simply stored as .txt or .log or whatever original raw format. ... View more

Ok. I'll try to rephrase: I want to use Splunk to collect logs and store them. Just not in searchable, indexed buckets. According to the WBT, It is possible to setup a complex environment in which one Splunk instance only parses the logs and then sends them to another instance which handles indexing. The first/parsing instance obviously holds the parsed data in some way and instead of forwarding the data to indexing, I would like to simply store it. ... View more

Splunk should certainly be capable of collecting logs without doing any processing (which includes indexing) and storing them. This is a basic feature and required for reliability. The lack of such would make me doubt the quality of the product. ... View more

There are logs which I want to index, search and create alerts for. But some logs are only required for a detailed analysis, which happens less than once a month. However, those logs would only push me over the license quota. I therefore do intend to use Splunk, but I want to avoid using another software to collect and manage other logs. The Splunk WBT specifically mentions that parsing logs does not affect the license, only indexing. So far I have not been able to figure out how to parse without indexing. ... View more