Is the default 500 MB usage valid for logs of a sourcetype other than the fixed sourcetype of the license?

MegSplunk
Path Finder

I have a single Splunk instance (no master/slave configuration). Our Splunk license is for a fixed sourcetype. If I try to add a log file (less than 500 MB) of a different sourcetype (other than the fixed sourcetype of the license), Splunk throws a license violation.

How can I allot the default (free) 500 MB usage for this second sourcetype?

Any help appreciated.

Thanks in advance.


jconger
Splunk Employee

There is such a thing as a single sourcetype license, although this is usually seen in an OEM situation. I would recommend installing another instance of Splunk (either on a new server or the same server) with a 500 MB free license.

Here is how to install multiple instances of Splunk on the same server -> https://wiki.splunk.com/Community:Run_multiple_Splunks_on_one_machine

MegSplunk
Path Finder

We believed that for the logs of the second sourcetype, the default limit of 500 MB would be used.

So either a separate installation or a separate license for the second sourcetype is in order. Thanks for all the help.

kristian_kolb
Ultra Champion

Interesting, you learn something new every day!

So that means that you @MegSplunk are trying to break the intent of the license agreement that you have, and you're being stopped from doing that.

Just quit doing that and download a free version of Splunk, and no one will complain.

/k

kristian_kolb
Ultra Champion

"Our Splunk license is for a fixed sourcetype". I have never heard of that, could you describe further?

The 500 MB limit (or indeed any license limit) is for the combined uncompressed size of the log files that are indexed by the Splunk instance during a 24-hour period (midnight to midnight). Splunk internal logs, which are stored in the _internal index, do not count towards the license.

So perhaps there are other log files that - combined with your logs - will exceed the total allowed limit.

/K
