Deployment Architecture
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Why am I getting license violations on my search-head?

mctester
Communicator
‎04-28-2010 09:38 PM

On my 4.0.9 instance, I keep getting notifications that I have exceeded the license volume. The only indexing I'm doing on this instance is summary indexing, and that doesn't count towards the volume, right?

When I search for the top sources for my search head, it only includes _internal and summary index data.

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

Mick
Splunk Employee
Splunk Employee
‎04-28-2010 09:41 PM

Summary indexing IS NOT free in the 4.0.9 & earlier versions. This changed in the latest releases, so for 4.0.10, 4.1.x and later, it IS free.

The _internal index is not counted towards your overall volume

If you have a search-head pre 4.0.10, and you want to run summary index searches on it, you will need an Enterprise license. For 4.0.10 and later, you can use the forwarder license in $SPLUNK_HOME/etc

View solution in original post

Reply
Solved! Jump to solution

Jason
Motivator
‎05-11-2011 01:07 PM

On 4.2, the forwarder license can not be used for a search head, so the search head has to be hooked up to your license master.

It will then show any license violations that the license master shows (annoyingly.)

0 Karma
Reply
Solved! Jump to solution
Solution

Mick
Splunk Employee
Splunk Employee
‎04-28-2010 09:41 PM

Summary indexing IS NOT free in the 4.0.9 & earlier versions. This changed in the latest releases, so for 4.0.10, 4.1.x and later, it IS free.

The _internal index is not counted towards your overall volume

If you have a search-head pre 4.0.10, and you want to run summary index searches on it, you will need an Enterprise license. For 4.0.10 and later, you can use the forwarder license in $SPLUNK_HOME/etc

Reply
Solved! Jump to solution

Mick
Splunk Employee
Splunk Employee
‎04-29-2010 02:58 PM

Thanks, I've edited the original answer, I didn't realize this had recently been applied to the 4.0.x code branch.

0 Karma
Reply
Solved! Jump to solution

oreoshake
Communicator
‎04-29-2010 01:38 AM

We need some updating of documentation: http://www.splunk.com/base/Documentation/4.0.10/ReleaseNotes/4.0.10

As of Splunk version 4.0.10, summary index searches do not count towards your indexed data volume. (SPL-29515)

0 Karma
Reply
Get Updates on the Splunk Community!

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

The Transformative Power of AI and ML in Enhancing Observability   In the realm of IT operations, the ...

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...