Homelab

380 readers

9 users here now

Rules

Be Civil.
Post about your homelab, discussion of your homelab, questions you may have, or general discussion about transition your skill from the homelab to the workplace.
No memes or potato images.
We love detailed homelab builds, especially network diagrams!
Report any posts that you feel should be brought to our attention.
Please no shitposting or blogspam.
No Referral Linking.
Keep piracy discussion off of this community

founded 1 year ago

MODERATORS

[email protected]

Splunk Opinions? (alien.top)

submitted 11 months ago by [email protected] to c/[email protected]

11 comments fedilink hide all child comments

Deployed Splunk on Portainer and setup all my docker containers to stream logs to Splunk.

Seems to be free as long as Splunk doesn’t ingest over 500MB a day.

Opinions?

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 1 points 11 months ago

As a splunk architect- I really enjoy it.

For home use, its ok. But, without the enterprise features, it limits a lot of the capabilities.

You CAN use cribl.io with it, to replace a lot of the missing features... and to reduce the amount of data being stored. It has an extremely generous 1T/day free plan.

You can also use the universal forwarders, as they do not have a license attached.

Data is only licensed when it is written by an indexer.

There, are also ways of using the enterprise plan........ by selectively not storing certain files under /etc... and restarting the container every few days.