Hello. I am giving this software a testdrive on one of my servers. Accidently I pointed to a log-directory holding 23 files, 643MB. Does this mean that I have wait until tomorrow to get the chance to do further testing? As now, nothing shows up when trying to se data in this index.
Have a look here:
http://www.splunk.com/base/Documentation/latest/Admin/MoreaboutSplunkFree
You should be able to go over the 500MB indexing limit up to 3 times in a 30 day period before search is disabled.
Regarding not getting any results back, perhaps your searching over a time period that does not have logs indexed for? Meaning you may have last hour or last day, but the logs in that directory are from prior to that.
Try setting 'All Time' if not already next to the search bar and do a search for * or something that you know is in there.
Hope that helps,
Scott