Splunk Light features
Splunk Light delivers log search and analysis for individuals, small businesses, and work groups within larger organizations. It provides monitoring and troubleshooting solutions for the system administrators, support analysts, application teams, and developers who work with logs and are responsible for multiple use cases across multiple platforms.
Key features and capabilities
Add data from a variety of sources: upload files to Splunk Light, monitor files or directories, receive data from Splunk Forwarders, or enable pre-defined data sources from Splunk Add-ons. You can index logs, clickstream data, configurations, traps and alerts, messages, scripts, performance data and statistics from your applications, servers, mainframes and network devices—physical, virtual and in the cloud.
For more information, see About adding data.
Freeform search supports intuitive Boolean, nested, quoted string and wildcard searches familiar to anyone comfortable on the web. Includes real-time search, timerange search, and transaction-level search.
Monitor and alerting
Monitor for specific conditions and correlate events from multiple data sources across your IT infrastructure so you can monitor more meaningful and complex events.
Reporting and analysis
Generate reports on an immense amount of data instantly. Provides access to key data for a specified time window to make business-critical, real time decisions. Easily report on search results and on correlated events.
Create custom dashboards and interactive views for different types of users, technical and non-technical. Integrate reports with search results. Edit dashboards using a simple drag-and-drop interface.
Extend the capabilities of Splunk Light by installing and enabling Splunk Add-ons. Splunk Light ships with Splunk Add-on for Unix and Linux, Splunk Add-on for Cisco ASA, or Splunk Add-on for Microsoft Windows. Depending on the platform you run, one or more of these add-ons are pre-installed.
You can browse Splunkbase for more Splunk Light compatible add-ons to install. See Configure an add-on to add data.
Splunk Light Free versus Splunk Light
The following table lists the Splunk Light features enabled by the license type.
|Features||Splunk Light Free||Splunk Light|
|Daily Indexing Volume||Up to 500MB||Up to 20GB|
|Search and Reporting||Yes||Yes|
|Accounts||1 Admin||Up to 5, Admin and User|
See About Splunk Light licensing in the Installation Manual.
Key differences between Splunk Light and Splunk Enterprise
|Features||Splunk Enterprise||Splunk Light|
|Maximum daily indexing volume||Unlimited||20GB|
|Data collection add-ons||Yes||Yes|
|Monitoring and alerting||Yes||Yes|
|Dashboards and reports||Yes||yes|
|Search and analysis||Yes||Yes|
|Automatic data enrichment||Yes||Yes|
|Access control||Customizable||User and Admin only|
Upgrade to Splunk Enterprise
You can upgrade and migrate from Splunk Light to Splunk Enterprise. For more information, see About Migrating Splunk Light in the Installation Manual.
About this manual
Start Splunk Light and log into Splunk Web
This documentation applies to the following versions of Splunk® Light: 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.3.4, 6.3.5