Hello. I looked around for answers in the FAQ and this forum, but was unable to find any. Apologies if this is already asked.
I possess a Splunk Enterprise license that expires in a few days.
I have following questions:
Will I be still able to use the Splunk dashboard to perform searches of data that was indexed prior to expiry?
Will I be able to perform API calls to retrieve events which were already indexed prior to expiry?
How is indexing (universal forwarding) affected. Will the splunk daemon throw an exception and stop adding new events?
Thank you.
... View more
Tried this as an example: curl -k -u admin:mypassword --data-urlencode search="search error" -d "output_mode=json" -d "count=10" -d "offset=0" -d "rf=sourcetype=rails" https://localhost:8001/servicesNS/admin/search/search/jobs/export Shouldnt I be getting 10 results? I get thousands of results.
... View more
Hello, Thank you for having me here.
I have a Enterprise license. I wish to move my existing logs which are in Splunk v5.0.1 into another logging solution.
I logged into Manager > Indexes and found that the in /mnt folder on an EBS. Just thinking out loud: Can I create an API endpoint that requests this data from Splunk?
If not, what alternatives I have to achieve that?
Thank you.
... View more