Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

splunk forwarder license

apro
Path Finder
‎07-09-2010 06:44 AM

Hi,

Like to quick check on how splunk forwarder license works...

  • forwarder license type is displayed as Enterprise?
  • forwarder has a license level of 1MB?
  • in that case our forwarder already has some violations..what if it exceeds 3/5 violations?
  • it has expiration date and days remaining. so after it expires how do we obtain the new forwarder license?
0 Karma
Reply

apro
Path Finder
‎07-12-2010 03:03 AM

Thanks.This is a concern initially because if we have deploy large number of forwarders each with different expiration and violations,then we may have some problem tracking them..

0 Karma
Reply

Starlette
Contributor
‎07-12-2010 06:13 AM

Not sure why mzorzi sends you to the dark,,his initial answer were 100% wrong,,,and you can stuck with gkanapathy's comments for forwarders as well.
see http://www.splunk.com/wiki/Where_do_I_configure_my_Splunk_settings%3F for the different fucntions...
forwarders are input, parsing pipelines,,,,NO indexing no licensestuff!!!!

Reply

gkanapathy
Splunk Employee
Splunk Employee
‎07-09-2010 02:53 PM

  1. Forwarder license is Enterprise. It should not be your regular license, but the $SPLUNK_HOME/etc/splunk-forwarder.license file that is shipped with every Splunk package. You can just copy this file to splunk.license.

  2. Yes it is. 1MB is just a minimum license. Forwarders don't actually need any licensing, since they don't index.

  3. Doesn't matter. Violating a license (because some amount does get indexed) results in search being disabled. Forwarders don't perform search.

  4. The forwarder license should not be expiring any time soon. It also doesn't matter in practice, again because once it expires, only search is disabled. Forwarders don't perform search.

Reply

heterodyned
Path Finder
‎01-30-2011 10:01 PM

Should the splunk forwarder license have the same expiration date as that of the indexer from where the splunk-forwarder-license is copied or it doesnt matter ?

0 Karma
Reply

mzorzi
Splunk Employee
Splunk Employee
‎07-09-2010 04:09 PM

Light Forwarders don't perform search/index, Forwarders do (they are Indexers with a defined stanza in outputs.conf ). I assumed in the question above apro referred to Forwarders.

0 Karma
Reply

mzorzi
Splunk Employee
Splunk Employee
‎07-09-2010 11:24 AM

  1. Forwarder License is the same as Indexer License.

  2. No, you have an unlocking license, delivered to reset violation.

  3. You need a new Production or a new Larger Trial License.

  4. Please contact support@splunk.com or your sale reference.
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

This puzzle (first published here) is based on matching timestamps to cron expressions.All the timestamps ...

Design, Compete, Win: Submit Your Best Splunk Dashboards for a .conf26 Pass

Hello Splunkers,  We’re excited to kick off a Splunk Dashboard contest! We know that dashboards are a primary ...

May 2026 Splunk Expert Sessions: Security & Observability

Level Up Your Operations: May 2026 Splunk Expert Sessions Whether you are refining your security posture or ...