Splunk® Light

Getting Started Manual

This documentation does not apply to the most recent version of Splunk Light.

Splunk Light features

Splunk Light delivers log search and analysis for individuals, small businesses, and work groups within larger organizations. It provides monitoring and troubleshooting solutions for the system administrators, support analysts, application teams, and developers who work with logs and are responsible for multiple use cases across multiple platforms.

Key features and capabilities


Add data from a variety of sources: upload files to Splunk Light, monitor files or directories, receive data from Splunk Forwarders, or enable pre-defined data sources from Splunk Add-ons. You can index logs, clickstream data, configurations, traps and alerts, messages, scripts, performance data and statistics from your applications, servers, mainframes and network devices—physical, virtual and in the cloud.

For more information, see About adding data.

Freeform search

Freeform search supports intuitive Boolean, nested, quoted string, and wildcard searches familiar to anyone comfortable on the web. It includes real-time search, time range search, and transaction-level search.

Monitor and alerting

Monitor for specific conditions and correlate events from multiple data sources across your IT infrastructure so you can monitor more meaningful and complex events.

Reporting and analysis

Generate reports on an immense amount of data instantly. Reporting provides access to key data for a specified time window so you can make business-critical, real-time decisions. Easily report on search results and on correlated events.

Custom Dashboards

Create custom dashboards and interactive views for different types of users, technical and non-technical. Integrate reports with search results. Edit dashboards using a simple drag-and-drop interface.


Extend the capabilities of Splunk Light by installing and enabling Splunk Add-ons. Splunk Light ships with Splunk Add-on for Unix and Linux, Splunk Add-on for Cisco ASA, or Splunk Add-on for Microsoft Windows. Depending on the platform you run, one or more of these add-ons are pre-installed.

You can browse Splunkbase for more Splunk Light compatible add-ons to install. See Configure an add-on to add data.

Splunk Light Free versus Splunk Light

The following table lists the Splunk Light features enabled by the license type.

| Features | Splunk Light Free | Splunk Light |
|---|---|---|
| Daily Indexing Volume | Up to 500MB | Up to 20GB |
| Search and Reporting | Yes | Yes |
| Dashboards | Yes | Yes |
| Alerting | No | Yes |
| Accounts | 1 Admin | Up to 5, Admin and User |
| Add-ons | Yes | Yes |

See About Splunk Light licensing in the Installation Manual.

Key differences between Splunk Light and Splunk Enterprise

| Features | Splunk Enterprise | Splunk Light |
|---|---|---|
| Maximum daily indexing volume | Unlimited | 20GB |
| Maximum users | Unlimited | 5 |
| Data collection add-ons | Yes | Yes |
| Apps | Yes | No |
| Monitoring and alerting | Yes | Yes |
| Dashboards and reports | Yes | Yes |
| Search and analysis | Yes | Yes |
| Automatic data enrichment | Yes | Yes |
| Anomaly detection | Yes | Yes |
| Scalability | Unlimited | Single Server |
| Access control | Customizable | User and Admin only |

See Splunk Light versus Splunk Enterprise Comparison.

Upgrade to Splunk Enterprise

You can upgrade and migrate from Splunk Light to Splunk Enterprise. For more information, see About Migrating Splunk Light in the Installation Manual.

Last modified on 02 March, 2016

This documentation applies to the following versions of Splunk® Light: 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.3.4, 6.3.5
