Security
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

License violations help

mmorley
New Member
‎09-26-2012 11:17 AM

I sent splunk an email for advice about swapping to a free licence before the trial ran out, but never got any help and have noticed today it must have ran out recently as I now have some licence violations. I've also updated the license to the free version today and also updated the application.

Under current it lists the following twice and that must correct by midnight to avoid violation

1 pool warning reported by 1 indexer

then under permanent it says

3 license window warnings reported by 1 indexer

then under local server information it reports

Licensed daily volume 500mb
Volume used today 0mb (0.003% of quota)
Warning count 3

How do i get rid of these errors without losing all my data as trying to find it through the help pages isn't very informative

Tags (1)
0 Karma
Reply

sdaniels
Splunk Employee
Splunk Employee
‎09-26-2012 11:20 AM

Read this for your options:

http://splunk-base.splunk.com/answers/43083/free-license-violation-how-to-fix-and-prevent-recurrence

The options you have are the following since you only have 500 MB per day for free:

  • buy a splunk enterprise license, and get a reset key from support.
  • reinstall a new trial instance and migrate your data... every 30 days.
  • limit the data volume

You can do this to help you manage the data volumes:

http://splunk-base.splunk.com/answers/32174/is-there-a-way-to-isolate-erratichigh-volume-sources-to-...

0 Karma
Reply

yannK
Splunk Employee
Splunk Employee
‎09-27-2012 09:37 AM

FYI, while in violation, the indexer continues to index data, but can still record new daily license warnings.

With a splunk enterprise license with splunk support contract, you can ask for reset key.
If you are using splunk free, you have to wait 30 days without new warnings for the violation to reset by itself.

Otherwise, reinstall splunk and move the old buckets to the new install.

0 Karma
Reply

mmorley
New Member
‎09-26-2012 12:03 PM

thanks for the link, but i didn't find it of much use, as does not really tell you how to resolve the problems

due the problems this app is causing i'm going to move to syslog watcher 4

0 Karma
Reply
Get Updates on the Splunk Community!

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

Take a look below to explore our upcoming Community Office Hours, Tech Talks, and Webinars this month. This ...

They're back! Join the SplunkTrust and MVP at .conf24

With our highly anticipated annual conference, .conf, comes the fez-wearers you can trust! The SplunkTrust, as ...

Enterprise Security Content Update (ESCU) | New Releases

Last month, the Splunk Threat Research Team had two releases of new security content via the Enterprise ...