When will the indexing violation go away?

Michael_Wilde
Splunk Employee

Currently I am on the 500 MB trial, but will probably move to the free license. I had exceeded the 500MB limit two days in a row, but I have made some changes in what I am eating and am now under the limit. When will the red message / indexing violation notice go away now that I am legit?

vaijpc
Communicator

After 14 days.

EDIT: Take note of the first bolded bit... 3 more violations on your current license or 1 more on a free license and you'll be locked out...

From http://www.splunk.com/base/Documentation/latest/Installation/AboutSplunklicenses


License violations

Violations occur when you exceed the maximum indexing volume allowed for your license. If you exceed your licensed daily volume on any one calendar day, you will get a violation warning. The message persists for 14 days. If you have 5 or more violations on an Enterprise license or 3 violations on a Free license in a rolling 30-day period, search will be disabled. Search capabilities return when you have fewer than 5 (Enterprise) or 3 (Free) violations in the previous 30 days or when you apply a new license with a larger volume limit.

During a license violation period:

  • Splunk does not stop indexing your data. Splunk only blocks access while you exceed your license.
  • Searches to the _internal index are not disabled. This means that you can still access the Indexing Status dashboard or run searches against _internal to diagnose the licensing problem.
