You can use splunk for free for up to 500 megabytes of indexed data daily. To make sure you do not run beyond this limitation, use the following query: index=_internal group=”per_source_thruput” NOT series=”*splunk/var/log*” | eval mb=kb/1024| timechart span=1d sum(mb) by series When drawing a bar graph, you directly see, what type of log is filling… Continue reading Splunk: Keep indexed volume under control