(I’m Back!) The return of Splunk Free, as in Free Beer
| Topics: | Uncategorized |
|---|---|
| Tags: | |
| Share: |
*** Update 10/26/09 ***
Free is Back!!
Well it never really went away, but not its easy to run the free version of splunk.
Downloads still contain an enterprise 60 day license, but you can covert to the free product at time you like and use it like a champion.
Back several months, before the launch of 4.0, we were confronting at all the work ahead. As always, we had to make hard decisions about what is in and what is out. In 4.0 we had re-implemented much of the UI and a good chunks of the backend. With over 1000 paying customers and looking at a potentially challenging upgrade process and a huge testing task we needed to reduce risk to the schedule and product quality. It was a hard decision but we reduced the GA risk by pulling out the Free product until we GA’d and fixed most of the critical bugs. Our guess was that it would take 45-90 beyond the GA to get few maintenance releases out before we could test the free product.
Again, this was a hard decision since we know that our free product helped us get a large and loyal user base. It was hard as it has been our motto to always have a high-quality and useful free version. But at the time we needed to get 4.0 out to our largest customers and we could not wait.
Anyhow, cut to the end of the story, we will soon release the free product again. As always, its full of cool features and we know that is a good place for many people to start to their Splunk experience. Next time we have a major upgrade I hope that we have sorted out the free product by the time we GA.
If you have questions about free or anything else just drop me an email -> my first name at splunk dot com.
e
October 1st, 2009 at 10:55 pm
[...] http://blogs.splunk.com/erik/2009/09/23/coming-soon-the-return-of-splunk-free-as-in-free-beer/ a few seconds ago from web [...]
October 10th, 2009 at 7:20 pm
When is the free version expected to come out? i really liked version and I just did a reinstall, but it is no longer free.
October 28th, 2009 at 7:16 am
Hello
This is great! , we did purchase a 5gb enterprise license for our critical systems but this free version is a good option for our test lab. Does it comes with a real free beer coupon ;p ?
Enjoy!
October 28th, 2009 at 11:37 am
It would have been nice to have a link to the download!
October 29th, 2009 at 1:26 am
Is there a limitation on the size of log files that splunk free can process?
October 29th, 2009 at 6:07 am
So, just to understand what “free” means and what it does…
The only difference that I see between 4.0’s [disabled] features and that of 2.x-3.x is that the alerting is disabled in 4.0 as opposed to the earlier versions where the alerting functionality was included. Do I have this right?
This was a somewhat useful piece, and I’m curious as to whether the specific decision to leave this out was made for any particular reason?
And, yes, I understand the verbiage about this being for “personal” use. The problem is that for small environments where we’re expected to try to find FOSS solutions for as many infrastructure applications as possible, there’s a big step there to the least-expensive license.
(Not to sound ungrateful, of course - just want to be clear on this - we do love the product…)
October 29th, 2009 at 7:37 am
Few replies in one…. ( Fernando, Nick and K.M. )
Fernando, you can always get a free beer here at Splunk. If you are ever in SF, come by, no coupon needed! We love it when users stop by for a drink.
Nick, there is no limitation on the size of files you can eat for any given day. Go ahead and index a terabyte. The limitations are that you cannot do that for 3 days in a rolling 30 day period - ya, a bit complicated. The free product is *designed* for ad-hoc use with large volumes or for lower volumes of continuous input. Feel free to bug me if that does not make sense.
K.M., it was a long process trying to decide if we can/should pull alerting out of free. We have the tricky balance of trying to provide a great free product but also make some money along the way. It was not an easy or clean cut decision and we knew that people would be bummed. I can hint that you can work around it yourself using cron or equivalent, its not as easy but then it shouldn’t be too hard either. We are committed to providing a great and useful free product and finding the right balance of features will be an ongoing challenge. Perhaps most important is your feedback - do let us know what you want in, what features we are missing all together, what does not make sense, etc. Its really hard to build a great product without lots of input
October 29th, 2009 at 9:48 pm
Eric, great to hear! I’ve long been a fan of Splunk and often recommend it to our clients. Splunk is the only sane way to do large scale log analysis in my opinion.
A few years ago Splunk had promised an open source version. I fully understand the reasons why Splunk decided against this. However, now that you have achieved profitability and version 4.0 has been out for a few months, would Splunk consider honoring their original promise by releasing their older 2.0 or 3.0 versions under an open source license such as GPL or AGPL? Even if you held back the web interface (even though I’d love to see that opensourced as well) and only released the indexing engine, the CLI, forewarding/recieving, and API, I’m sure there are many FOSS projects and Linux distributions that would be excited to re-use your code.
I personally work on various open source projects and have longed to use spunk in them. In particular we about to start a complete rewrite of the BASE project (base.secureideas.net) and would love to replace our backend database (currently MySQL) with an opensource version of Splunk. I am also a lead developer of the Samurai-WTF Live CD project (samurai.inguardians.com) and would love to include an open source version of Splunk to collect the output of the various pentest tools. The distribution and modification restrictions of Splunk Free are simply show stoppers for these purposes.
I understand that Splunk may decide this isn’t possible, but since you run you company in such an open-to-the-community manner, I thought it was worth the effort to ask. Regardless of your decision, I will continue to be a huge fan and will always remain appreciative of your Free versions.
November 2nd, 2009 at 11:47 am
Thanks for the thoughts Justin.
Open sourcing “Splunk” becomes complicated when you start to pull on that string - we wrestled with that decision for years when starting out. I’m not sure if I would do things differently if had to do it all over again, but the pro/con lists make it a very close call.
We are starting now to publish some of our code to the open source. I don’t know if we ever get to open sourcing the engine, indexer, forwarder, … code. We have often talked about how cool it would be to provide a database to the community - we were huge fan’s of sleepycat/berkely db and often thought that would be a good model. Targeting developers by providing a Splunk engine is a fantastic idea, i’m just not sure what the model looks like - but i know there are lots of folks out there who would use it.
I’m working on 2010 planning and will add “stuff” to look at how to get our engine out to developers better - I’m not sure if open source is the answer, but will look at all options.
Thank you very much for bringing it up, we need your input to keep us heading the right direction.
Regards,
e
November 4th, 2009 at 5:58 pm
Hi Erik –
I arrived here google searching about how to get my saved scheduled searches migrated to 4.0. I’m a bit disappointed about the lack of search-notifications for free licenses upgraded from 3.0 to 4.0x, and wish more was mentioned in this regards in the migration considerations sections of the manual.
Perhaps you could consider in a future release retaining search notifications for users who are performing an upgrade install for 3.x, but not marketing it to any new install free customers?
November 4th, 2009 at 7:52 pm
Hi Paul,
It was a hard decision to remove the notification and one not taken lightly. I hope that it was obvious that the feature was not longer available, we tried hard to explain this to folks before upgrade. I’m not sure if that feature will come back to the free product at some point. In the mean time, the only recommendation i have is to use some other scheduler to run the search for you. I know this is extra work but we needed to have some difference between the free and pay for version or we would not be able to keep all the engineers working on the free product.
I hope you understand and if you have other ideas please let me know.
Regards,
e