Deployed Splunk on Portainer and set up all my Docker containers to stream logs to Splunk.
Seems to be free as long as Splunk doesn’t ingest over 500MB a day.
Opinions?
As a Splunk architect, I really enjoy it.
For home use, it's OK. But, without the enterprise features, it limits a lot of the capabilities.
You CAN use cribl.io with it, to replace a lot of the missing features… and to reduce the amount of data being stored. It has an extremely generous 1T/day free plan.
You can also use the universal forwarders, as they do not have a license attached.
Data is only licensed when it is written by an indexer.
There are also ways of using the enterprise plan… by selectively not storing certain files under /etc… and restarting the container every few days.