Reporting
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Splunk Free License

nouraali
Explorer
‎02-23-2021 02:32 AM

Hi,

Hope you are fine.

Please note that I am currently using Splunk for self-learning. The enterprise trial license expired and now I am using the free trial.

I thought using the free trial would allow me to schedule searches as mentioned here , but in fact I am not able to schedule searches.

I really need to use this feature, for my training, before starting my new job.

Not sure what are the next steps to get this feature.

Please assist.

 

Best Regards,

Noura Ali

Labels (2)
0 Karma
Reply

nouraali
Explorer
‎02-28-2021 10:09 AM

Hi, 

Thanks for the clarification. But apart from the dev/test license, can i use the features below:

1- scheduled searches

I am not able to schedule searches; by clicking settings - > searches - > new search - > once it is created - > click on edit - > no schedule option in the drop down menu

2- summary index

I am not able to create summary indexes ; by clicking settings - > searches - > new search - > once it is created - > click on edit - > no summary index option in the drop down menu.

 

I would appreciate if you guided me how to try the mentioned features with free license. 

 

Best Regards,

Noura Ali 

0 Karma
Reply

Devan4Data
New Member
‎02-23-2021 10:35 PM

Hi Noura, 

The Splunk Free License is quite limited in functionality, but there might be a solution. 

Let's take a look at some of the limitations of the Splunk Free License that might be impacting your experience. 

  • Alerting (monitoring) is not available.
  • Restrictions on search, such as user quotas, maximum per-search time ranges, and search filters are not supported.
  • Report acceleration summaries are not available.
  • Any alerts you defined no longer trigger. You no longer receive alerts from Splunk software. 
  • You can still schedule searches to run for dashboards and summary indexing purposes.

As you can see, there are quite a few things that that might limit your ability to perform scheduled activities, but I suspect the last point is the one that you might be coming up against. 

The good news is that if your organisation is already a Splunk customer, Splunk offers a Developer License (exclusively for non-production use). There are a few restrictions, but scheduled searches and alerting should work just fine.

You can read more about the Dev/Test license here
You request a personalised Dev/Test license here

Hope this helps!

Regards,

Devan

www.4datasolutions.com

4Data_email_logo.png

0 Karma
Reply
Get Updates on the Splunk Community!

Detecting Remote Code Executions With the Splunk Threat Research Team

REGISTER NOWRemote code execution (RCE) vulnerabilities pose a significant risk to organizations. If ...

Observability | Use Synthetic Monitoring for Website Metadata Verification

If you are on Splunk Observability Cloud, you may already have Synthetic Monitoringin your observability ...

More Ways To Control Your Costs With Archived Metrics | Register for Tech Talk

Tuesday, May 14, 2024  |  11AM PT / 2PM ET Register to Attend Join us for this Tech Talk and learn how to ...