Solved: Why am I getting license violations on my search-h...

mctester · ‎04-28-2010

On my 4.0.9 instance, I keep getting notifications that I have exceeded the license volume. The only indexing I'm doing on this instance is summary indexing, and that doesn't count towards the volume, right?

When I search for the top sources for my search head, it only includes _internal and summary index data.

Mick · ‎04-28-2010

Summary indexing IS NOT free in the 4.0.9 & earlier versions. This changed in the latest releases, so for 4.0.10, 4.1.x and later, it IS free.

The _internal index is not counted towards your overall volume

If you have a search-head pre 4.0.10, and you want to run summary index searches on it, you will need an Enterprise license. For 4.0.10 and later, you can use the forwarder license in $SPLUNK_HOME/etc

View solution in original post

oreoshake · ‎04-29-2010

We need some updating of documentation: http://www.splunk.com/base/Documentation/4.0.10/ReleaseNotes/4.0.10

As of Splunk version 4.0.10, summary index searches do not count towards your indexed data volume. (SPL-29515)

Mick · ‎04-29-2010

Thanks, I've edited the original answer, I didn't realize this had recently been applied to the 4.0.x code branch.

Jason · ‎05-11-2011

On 4.2, the forwarder license can not be used for a search head, so the search head has to be hooked up to your license master.

It will then show any license violations that the license master shows (annoyingly.)

Why am I getting license violations on my search-head?

Re: Why am I getting license violations on my search-head?

Re: Why am I getting license violations on my search-head?

Re: Why am I getting license violations on my search-head?

Re: Why am I getting license violations on my search-head?