Deployment Architecture
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Why am I getting license violations on my search-head?

mctester
Communicator
‎04-28-2010 09:38 PM

On my 4.0.9 instance, I keep getting notifications that I have exceeded the license volume. The only indexing I'm doing on this instance is summary indexing, and that doesn't count towards the volume, right?

When I search for the top sources for my search head, it only includes _internal and summary index data.

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

Mick
Splunk Employee
Splunk Employee
‎04-28-2010 09:41 PM

Summary indexing IS NOT free in the 4.0.9 & earlier versions. This changed in the latest releases, so for 4.0.10, 4.1.x and later, it IS free.

The _internal index is not counted towards your overall volume

If you have a search-head pre 4.0.10, and you want to run summary index searches on it, you will need an Enterprise license. For 4.0.10 and later, you can use the forwarder license in $SPLUNK_HOME/etc

View solution in original post

Reply
Solved! Jump to solution

Jason
Motivator
‎05-11-2011 01:07 PM

On 4.2, the forwarder license can not be used for a search head, so the search head has to be hooked up to your license master.

It will then show any license violations that the license master shows (annoyingly.)

0 Karma
Reply
Solved! Jump to solution
Solution

Mick
Splunk Employee
Splunk Employee
‎04-28-2010 09:41 PM

Summary indexing IS NOT free in the 4.0.9 & earlier versions. This changed in the latest releases, so for 4.0.10, 4.1.x and later, it IS free.

The _internal index is not counted towards your overall volume

If you have a search-head pre 4.0.10, and you want to run summary index searches on it, you will need an Enterprise license. For 4.0.10 and later, you can use the forwarder license in $SPLUNK_HOME/etc

Reply
Solved! Jump to solution

Mick
Splunk Employee
Splunk Employee
‎04-29-2010 02:58 PM

Thanks, I've edited the original answer, I didn't realize this had recently been applied to the 4.0.x code branch.

0 Karma
Reply
Solved! Jump to solution

oreoshake
Communicator
‎04-29-2010 01:38 AM

We need some updating of documentation: http://www.splunk.com/base/Documentation/4.0.10/ReleaseNotes/4.0.10

As of Splunk version 4.0.10, summary index searches do not count towards your indexed data volume. (SPL-29515)

0 Karma
Reply
Get Updates on the Splunk Community!

Dashboards: Hiding charts while search is being executed and other uses for tokens

There are a couple of features of SimpleXML / Classic dashboards that can be used to enhance the user ...

Splunk Observability Cloud's AI Assistant in Action Series: Explaining Metrics and ...

This is the fourth post in the Splunk Observability Cloud’s AI Assistant in Action series that digs into how ...

Brains, Bytes, and Boston: Learn from the Best at .conf25

When you think of Boston, you might picture colonial charm, world-class universities, or even the crack of a ...