Controlled license violation - read a single huge logfile

FRoth
Contributor

We received a log file containing incident data that is more than 30 GB.
Our license allows a daily indexing volume of 10 GB.
What would happen if we indexed the whole file? I suppose that we would trigger a single license alert, wouldn't we?

Is there a limit that disables Splunk completely, let's say if we indexed a file of 60 GB or 80 GB on a single day?


rturk
Builder

You get up to 5 violations in a rolling 30-day period. This gives you the flexibility to do the occasional large file (such as your 30 GB file) without impacting your ability to use the platform. There is no maximum file size that would disable Splunk completely, although you just need to be sure that your servers can index the volume of data you want to.

In the event that you do exceed the licensing 5 times, Splunk won't stop indexing, but it will stop your ability to search against the data (incl. summary & scheduled searches). This would also impact dashboards as they are populated by searches.

Hope this helps 🙂
