Monitoring Splunk

Not able to read windows registry using SPLUNK on local windows system

nandkumar90
New Member

I am trying to read registry on my local windows system.
I have setup registry monitoring index and launch the search.
. I have not used our local system for any other search before this but still facing license issue.
Here is splunk log:

"ShutdownLevel_ApplicationLicenseChecker"
11-21-2017 18:08:55.214 INFO  ShutdownHandler - shutting down level "ShutdownLevel_S3ConnectionPoolManager"
11-21-2017 18:08:55.214 INFO  ShutdownHandler - Shutdown complete in 1000 microseconds
11-21-2017 18:08:55.214 ERROR dispatchRunner - RunDispatch::runDispatchThread threw error: Error in 'litsearch' command: Your Splunk license expired or you have exceeded your license limit too many times. Renew your Splunk license by visiting www.splunk.com/store or calling 866.GET.SPLUNK.

Any help?

0 Karma

richgalloway
SplunkTrust
SplunkTrust

Exceeding your license is the result of indexing too much data. It's unrelated to searching except for being blocked from doing searches until the violation is resolved.
Windows logs are very verbose so it's very easy to exceed a small license just by indexing Windows events. Review what you are indexing and reduce it to only the minimum. Then contact Splunk for a key to unlock your ability to search.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...