I'm doing a Splunk POC and I'm using the trial download. Thanks to a message I just got at the top of Splunk, I just learned that there are limits to the amount of data I can index daily.
How do I filter what I want to index so I can get only the information I need and stay under the limit? I'll be indexing windows event logs, performance data, snmp logs from hp blade systems, switch\firewall data, sharepoint logs, sql logs, iis logs and what ever else we can to get a good overview of our machine\network data.
Thanks,
Jamey
... View more