I am getting this error
Error in 'litsearch' command: Your Splunk license expired or you have exceeded your license limit too many times.
when searching for ossec in splunk. So many have posted answer for this error.
But i am not getting the correct pin point to solve this issue.
Please let us know how to solve this issue. I am sure this error regarding on license how to rectify it
can you check in licensing for license violations. After 5 license violations in a 30days period splunk stops searching
Thanks for your help. Now i have exceeded the 5 license violations.
Please let us know how to rectify it.
Here's how licensing works
If it's an Enterprise Splunk Instance with active License, please contact your Splunk Support person to get a reset key. Once you add the reset key, the search functionality will resume (Your indexing does not get interrupted due to this btw)
After you resume the search functionality, go to LURV/ License utilization . If you are in a distributed setup, these metrics will be found on your license master.
Check for hints as to what and how this license overage has caused and correct it. Here's what i would do
Hope this helps!
Thanks for your reply. I am using Free splunk . For this free splunk i have received this error
For free splunk the violations exceed 3 . Now how to rectify it.
Shall uninstall and install splunk again. It will resolve my issue
Finally issue got resolved. The problem is i am using Forward license for that default Licensed daily volume is 1MB.
Then i changed that option to Free license then i am getting Licensed daily volume is 500MB.
To change that option go to Setting --> Licensing - > change license group.
In that select free license then you will get 500 MB per day.
I take back my last posting about the Splunk>answers page not being useful. Right after I posted my comment, and right before I logged off, I clicked on the question, instead of the green button, and the answers appeared. I was thinking the green button would make the answers show up. In any event I would like to thank iamarunk for his answer: "Setting-->Licensing->change license group. I am new to Splunk, and I was making my first attempt at installing a heavy forwarder on the free Splunk version of Enterprise. I was doing the Setting-->Licensing-> part right, but I was clicking on Enterprise, instead of the free version at the bottom. I had been very frustrated at the error messages telling me my license was expired, when I didn't even have a license, for real. In any event I was able to get data from my search, so I can now proceed with my class. So thanks again to iamarunk.