Splunk Enterprise

How do I remove these messages?

felizsoc1
Engager

How do I remove these messages? And keep my license free operativealt text

Tags (2)
0 Karma

richgalloway
SplunkTrust
SplunkTrust

Removing the messages is easy - just click the "Delete All" button. Keeping them from coming back is another matter. The only way (aside from getting a bigger license) is to reduce the amount of data you ingest each day to below your license limit. Look for the most common sources and sourcetypes as they are probably sending the most data. Windows event logs and Linux audit logs tend to be very verbose as can performance metrics. Turn off the performance data you don't need and increase the interval between the metrics you do need. Consider filtering out unneeded events/audit.

---
If this reply helps you, Karma would be appreciated.

felizsoc1
Engager

OK, thank you very much for your answer, I am trying to put my splunk operative one more time

0 Karma

felizsoc1
Engager

How to reduce the amount of data that Splunk ingests each day to be below the license limit?

0 Karma

richgalloway
SplunkTrust
SplunkTrust

The simplest way is to disable inputs you don't need.
Review any wildcarded inputs to make sure they're not including too many files.

---
If this reply helps you, Karma would be appreciated.
0 Karma

felizsoc1
Engager

Many thanks for the answer, I'm trying to disable the performance data I do not need and increase the interval between the metrics I need, but I can not find a configuration menu where I can do it. Could you please help me by telling me where I am doing these tasks?

0 Karma

richgalloway
SplunkTrust
SplunkTrust

The exact steps depend on what metrics you collect and how you collect them. For example, the Splunk Add-on for Unix and Linux has a setup screen where you can choose the metrics that are collected and how often.
Depending on the complexity of your environment, you may be able to edit input.conf files (be sure to put your changes in the local directories) to disable unneeded data.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...