Q1, I know it is indexed MAX 500MB per 1 day when using splunk free license.
In this case, regargding limit, it indicates an indexed data, NOT imported data from each servers?
Q2, In the Q1, if imported data was exceeded over 500MB and indexed data is less 500MB,
Can I use Splunk free license forever? In that case, how can I filter data when I index data?
Regarding security logs for Windows, there are many logs.
I want to import all logs from each servers to Splunk server but I don't want to index only failure logs without success logs.
In this case, can I filter?
... View more