Deployment Architecture
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Having errors as a beginner

ryuga_075
Observer
‎04-18-2024 04:20 AM

Greetings, I have just started using splunk and I was trying to montior logs from my files section, And I am getting the following errors while doing so, help me. I am using heavy forwarder for this.

ryuga_075_0-1713438944603.png

ryuga_075_1-1713438974584.png

ryuga_075_3-1713439093043.png

 


I have added my forwarder port to 192.168.196.51:9997 and also made reciever on port 9997. I dont know where I am making mistake. Please help me with this. Thanks and Regards.

 

Labels (1)
Labels
0 Karma
Reply

PickleRick
SplunkTrust
SplunkTrust
‎04-18-2024 04:56 AM

"Your Splunk license expired". Does it ring a bell?

Reply

ryuga_075
Observer
‎04-18-2024 07:35 AM

I have just got my licence today.

0 Karma
Reply

PickleRick
SplunkTrust
SplunkTrust
‎04-18-2024 10:50 AM

OK. Time to dig into the gory details of Splunk licensing.

When you have an enforcing license (either a trial, dev or "full" license not big enough to be non-enforcing), each day you exceed your daily ingestion allowance will generate a warning. If you exceed given number of warnings during a given time period (with a trial version it's 5 warnings in 30-day rolling window; with a "full" Splunk Enterprise license it's 45 warnings in 60 day), your environment will go into a "violation mode".

Most importantly - it will stop allowing you search any data other than internal indexes.

And the tricky question is that even if you add new/bigger/whatever license at this point, it will not automatically "unlock" your environment. You need to either wait for the violations to clear (for some license types) or request a special unlock license from the Splunk sales team.

So tl,dr -  if you let your Splunk run out of license, it's not as easy as "I add my freshly bought license" and it starts working again.

Reply

isoutamo
SplunkTrust
SplunkTrust
‎04-19-2024 09:30 AM
As you have gotten valid license, just ask unlock license from same source as you got your normal license.
Reply

PickleRick
SplunkTrust
SplunkTrust
‎04-19-2024 01:23 PM

Yes, thank you. I got focused on explaining why, that forgot to write what to do more explicitly.😁

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

How to find the worst searches in your Splunk environment and how to fix them

Everyone knows Splunk is a powerful platform for running searches and doing data analytics. Your ...

Share Your Feedback: On Admin Config Service (ACS)!

Help Us Build a Better Admin Config Service Experience (ACS)   We Want Your Feedback on Admin Config Service ...

Build the Future of Agentic AI: Join the Splunk Agentic Ops Hackathon

AI is changing how teams investigate incidents, detect threats, automate workflows, and build intelligent ...