Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Testdrive, daily indexing quota?

tore_stensby
New Member
‎03-31-2011 11:03 AM

Hello. I am giving this software a testdrive on one of my servers. Accidently I pointed to a log-directory holding 23 files, 643MB. Does this mean that I have wait until tomorrow to get the chance to do further testing? As now, nothing shows up when trying to se data in this index.

Tags (1)
0 Karma
Reply

skippylou
Communicator
‎03-31-2011 11:46 AM

Have a look here:

http://www.splunk.com/base/Documentation/latest/Admin/MoreaboutSplunkFree

You should be able to go over the 500MB indexing limit up to 3 times in a 30 day period before search is disabled.

Regarding not getting any results back, perhaps your searching over a time period that does not have logs indexed for? Meaning you may have last hour or last day, but the logs in that directory are from prior to that.

Try setting 'All Time' if not already next to the search bar and do a search for * or something that you know is in there.

Hope that helps,

Scott

0 Karma
Reply
Get Updates on the Splunk Community!

Detecting Remote Code Executions With the Splunk Threat Research Team

WATCH NOWRemote code execution (RCE) vulnerabilities pose a significant risk to organizations. If exploited, ...

Enter the Splunk Community Dashboard Challenge for Your Chance to Win!

The Splunk Community Dashboard Challenge is underway! This is your chance to showcase your skills in creating ...

.conf24 | Session Scheduler is Live!!

.conf24 is happening June 11 - 14 in Las Vegas, and we are thrilled to announce that the conference catalog ...