Hi All,
I am new to splunk, in my organization having splunk.last one week onwards splunk having issues like
Daily indexing volume limit exceeded today.
License warning issued within past 24 hours (Mon Sep 22 00:00:00 2014 PDT). See License Manager for details.
Daily indexing volume limit exceeded. See License Manager for details.
I am searched some log files, in that volume exceeded.
My Question is
How the indexing is done, and which data should be indexing, where to find the indexed data and pocedure ?
Please help me.
Thanks,
Prasad
Indexing is the process of storing all the data that goes into Splunk and make it searchable. This is the core of what Splunk does. I don't entirely understand the rest of your question - I guess you're not after getting detailed information on what Splunk DOES when it indexes data. Which data you should be indexing is entirely up to you.
Indexing is the process of storing all the data that goes into Splunk and make it searchable. This is the core of what Splunk does. I don't entirely understand the rest of your question - I guess you're not after getting detailed information on what Splunk DOES when it indexes data. Which data you should be indexing is entirely up to you.
Any specific config file for index directories ?
i found only index files in "/opt/splunk/var/lib/splunk/defaultdb/db"
some files are having over indexing (more then 2GB )...
I need to find the which directories having over indexing ?
Thanks
With all due respect it seems you need to take a course on how to operate Splunk first of all. You can see what data inputs are configured in Settings -> Data inputs. License violations are generated due to that more data has been indexed than what the license allows. This does NOT go away if you try to delete data. What you need to do is figure out which source(s) is sending excessive amounts of data and do something about it. This can be done for instance in the "License usage" view, available from the "Licensing" view in settings.
here is some information in the documentation about licensing and license violations:
http://docs.splunk.com/Documentation/Splunk/6.1.3/Admin/HowSplunklicensingworks
here is some information about how to get data into Splunk: http://docs.splunk.com/Documentation/Splunk/latest/Data/WhatSplunkcanmonitor
Thanks for your quick responce Ayn,
How to find the what directories it is configured to index ?