All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Whats the point of the enterprise trial? I installed it and was over my limit within 5 mins of using it?!?

timhon5
Engager
‎05-26-2011 12:45 PM

I started to index /var/log and boom, over my limit immediately. How can I even get the feel for this if I cant use it at all? I assumed the indexer would ignore old rotated files, but perhaps it also counts those towards the daily total?

Tags (1)
Reply
1 Solution
Solved! Jump to solution
Solution

jbsplunk
Splunk Employee
Splunk Employee
‎05-26-2011 01:57 PM

Hi Tim,

A couple of things to note here with regard to the license volume limit. You are allowed 5 violations(3 with the free license) within a rolling 30 day period before search is disabled. After this, you'd need to wait 30 day before you could search any non internal index again.

If your just testing splunk, move a subset of data from /var/log into another folder. I have an enterprise trial license monitoring /var/log on a laptop, and haven't had any issues with it.

By default, the indexer is going to look at the first 256 bytes of a file and if it matches what we've recorded, it is going to skip indexing those files. If you want to ensure that files are not indexed, you can blacklist those files. 

http://www.splunk.com/base/Documentation/latest/Data/Whitelistorblacklistspecificincomingdata

If you need more volume per day, do not hesitate to contact sales@splunk.com and ask for a larger trial license. They will be glad to assist.

View solution in original post

Reply
Solved! Jump to solution

muebel
SplunkTrust
SplunkTrust
‎05-29-2011 08:30 AM

You can get a feel for it by indexing a subset of /var/log, or taking advantage of its general analysis capabilities by indexing a specific application log. Take a look at this list of apps. Splunk lets you find a needle in a haystack, but it also does a lot of good when just trying to view data from different angles.

0 Karma
Reply
Solved! Jump to solution

mw
Splunk Employee
Splunk Employee
‎05-29-2011 06:15 AM

When you first install Splunk, and point it at something like a directory to monitor, it's going to index everything in there unless you specify to "tail only". That would account for passing the limit, but doesn't necessarily indicate that you'll continue to do so.

In any case, the enterprise trial volume limit would generally be enough for someone to get familiar with splunk. If you need more volume you would need to contact sales.

0 Karma
Reply
Solved! Jump to solution
Solution

jbsplunk
Splunk Employee
Splunk Employee
‎05-26-2011 01:57 PM

Hi Tim,

A couple of things to note here with regard to the license volume limit. You are allowed 5 violations(3 with the free license) within a rolling 30 day period before search is disabled. After this, you'd need to wait 30 day before you could search any non internal index again.

If your just testing splunk, move a subset of data from /var/log into another folder. I have an enterprise trial license monitoring /var/log on a laptop, and haven't had any issues with it.

By default, the indexer is going to look at the first 256 bytes of a file and if it matches what we've recorded, it is going to skip indexing those files. If you want to ensure that files are not indexed, you can blacklist those files. 

http://www.splunk.com/base/Documentation/latest/Data/Whitelistorblacklistspecificincomingdata

If you need more volume per day, do not hesitate to contact sales@splunk.com and ask for a larger trial license. They will be glad to assist.

Reply
Get Updates on the Splunk Community!

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...

Introducing the 2024 Splunk MVPs!

We are excited to announce the 2024 cohort of the Splunk MVP program. Splunk MVPs are passionate members of ...

Splunk Custom Visualizations App End of Life

The Splunk Custom Visualizations apps End of Life for SimpleXML will reach end of support on Dec 21, 2024, ...