Archive

How do I remove these messages?

Engager

How do I remove these messages? And keep my license free operativealt text

Tags (2)
0 Karma

SplunkTrust
SplunkTrust

Removing the messages is easy - just click the "Delete All" button. Keeping them from coming back is another matter. The only way (aside from getting a bigger license) is to reduce the amount of data you ingest each day to below your license limit. Look for the most common sources and sourcetypes as they are probably sending the most data. Windows event logs and Linux audit logs tend to be very verbose as can performance metrics. Turn off the performance data you don't need and increase the interval between the metrics you do need. Consider filtering out unneeded events/audit.

---
If this reply helps you, an upvote would be appreciated.

Engager

OK, thank you very much for your answer, I am trying to put my splunk operative one more time

0 Karma

Engager

How to reduce the amount of data that Splunk ingests each day to be below the license limit?

0 Karma

SplunkTrust
SplunkTrust

The simplest way is to disable inputs you don't need.
Review any wildcarded inputs to make sure they're not including too many files.

---
If this reply helps you, an upvote would be appreciated.
0 Karma

Engager

Many thanks for the answer, I'm trying to disable the performance data I do not need and increase the interval between the metrics I need, but I can not find a configuration menu where I can do it. Could you please help me by telling me where I am doing these tasks?

0 Karma

SplunkTrust
SplunkTrust

The exact steps depend on what metrics you collect and how you collect them. For example, the Splunk Add-on for Unix and Linux has a setup screen where you can choose the metrics that are collected and how often.
Depending on the complexity of your environment, you may be able to edit input.conf files (be sure to put your changes in the local directories) to disable unneeded data.

---
If this reply helps you, an upvote would be appreciated.
0 Karma