Splunk Light features
Splunk Light delivers log search and analysis for individuals, small businesses, and work groups within larger organizations. It provides monitoring and troubleshooting solutions for the system administrators, support analysts, application teams, and developers who work with logs and are responsible for multiple use cases across multiple platforms.
Key features and capabilities
Add data from a variety of sources: upload files to Splunk Light, monitor files or directories, receive data from Splunk Forwarders, or enable pre-defined data sources from Splunk Add-ons. You can index logs, clickstream data, configurations, traps and alerts, messages, scripts, performance data and statistics from your applications, servers, mainframes and network devices—physical, virtual and in the cloud. See About adding data to Splunk Light in the Getting Started Manual.
Gather metrics from your technology infrastructure, security systems, and business applications and store this data into a new type of index that is optimized for ingestion and retrieval of metrics. Splunk Light provides pretrained source types that support line protocols for common metrics agents such as StatsD and collect, but you can also create custom transformations to work with additional clients. See Overview of metrics in the Splunk Enterprise Metrics manual.
Freeform search supports intuitive Boolean, nested, quoted string and wildcard searches familiar to anyone comfortable on the web. Includes real-time search, timerange search, and transaction-level search.
Monitor and alerting
Monitor for specific conditions and correlate events from multiple data sources across your IT infrastructure so you can monitor more meaningful and complex events.
Reporting and analysis
Generate reports on an immense amount of data instantly. Provides access to key data for a specified time window to make business-critical, real time decisions. Easily report on search results and on correlated events.
Create custom dashboards and interactive views for different types of users, technical and non-technical. Integrate reports with search results. Edit dashboards using a simple drag-and-drop interface.
You can extend the capabilities of Splunk Light by installing and enabling additional Splunk Add-ons. Splunk Light includes a set of add-ons that you can install and enable to configure new data inputs. You can also browse Splunkbase for more Splunk Light compatible add-ons to install. See Configure an add-on to add data in Splunk Light in the Getting Started Manual.
Splunk Light Free versus Splunk Light
The following table lists the Splunk Light features enabled by the license type.
|Features||Splunk Light Free||Splunk Light|
|Daily Indexing Volume||Up to 500MB||Up to 20GB|
|Search and Reporting||Yes||Yes|
|Accounts||1 Admin||Up to 5, Admin and User|
See About Splunk Light licensing in the Installation Manual.
Differences between Splunk Light and Splunk Enterprise
|Features||Splunk Enterprise||Splunk Light|
|Maximum daily indexing volume||Unlimited||20GB|
|Data collection add-ons||Yes||Yes|
|Monitoring and alerting||Yes||Yes|
|Dashboards and reports||Yes||Yes|
|Search and analysis||Yes||Yes|
|Automatic data enrichment||Yes||Yes|
|Access control||Customizable||User and Admin only|
Upgrade to Splunk Enterprise
You can upgrade and migrate from Splunk Light to Splunk Enterprise. See About upgrading and migrating Splunk Light in the Installation Manual.
About the Splunk Light Getting Started Manual
Start Splunk Light and log into Splunk Web
This documentation applies to the following versions of Splunk® Light: 7.0.0, 7.0.1, 7.0.2, 7.0.3, 7.1.0, 7.1.1, 7.1.2, 7.1.3, 7.2.0, 7.2.1, 7.2.2, 7.2.3, 7.2.4, 7.2.5, 7.2.6, 7.3.0, 7.3.1