Documentation

Contents
Contents
Contents
Contents

Splunk Product Editions (SKUs) Supported by uberAgent

Splunk comes in multiple product editions:

  • Splunk Free
  • Splunk Light
  • Splunk Enterprise
  • Splunk Cloud

Splunk Free, Splunk Light, and Splunk Enterprise are hosted on-premises while Splunk Cloud is hosted by Splunk.

Out of these SKUs, Splunk Enterprise and Splunk Cloud are fully supported by uberAgent.

Splunk Enterprise

After installation, Splunk operates in Enterprise mode for 60 days after the installation. After that, it reverts to Free mode if no license is added.

During the 60-day trial period, Splunk is restricted to a daily data volume of 500 MB per day.

Splunk Cloud

To be used in Splunk Cloud, a customer needs to file a Splunk support ticket to get the uberAgent apps installed. The cloud vetting team will then review the apps and approve them for Splunk Cloud installation.

The following apps are available in Splunk Cloud:

After the uberAgent apps have been installed in your Splunk Cloud environment, some manual actions need to be taken. This knowledgebase article contains all the necessary details.

Splunk Free

uberAgent generally works well with Splunk Free except for one thing: Splunk bug SPL-40332 breaks not the initial creation but the update of CSV lookup tables. To workaround that we had to replace the outputlookupcommand with action.populate_lookup in a saved search. That, however, is a feature not enabled with Splunk Free.

As a result, uberAgent does not work correctly on Splunk Free until SPL-40332 has been fixed in a future version of Splunk.

However, using this workaround the lookup table can be generated manually.

Please see this document for more information on Splunk Free. There is also a feature comparison table between Splunk Free, Splunk Enterprise and Splunk Cloud available.

Splunk Light

Splunk Light has a very limited feature set that does not even include the installation of apps (see Splunk Light vs. Splunk Enterprise). Due to these limitations, uberAgent cannot work with Splunk Light.

Leave a Reply

Your email address will not be published. Required fields are marked *