I started mucking around with Splunk at home since I was going to be responsible for it at work and I kinda like it, so I set up a single instance at the house to monitor my network traffic. Most things are fine, but for some reason, for a couple of days, it went bonkers to the tune of >4GB! WOW.
I get Splunk not wanting people to use it for free when they have really big - even lab - networks, but I have like 5 or 6 VMs and a couple of Pis. The issue is that I can't do any searches to see who is sending the data so that I can stop it. Is there a simple way to reset the number of exceeds so that I can troubleshoot what's sending all the data and turn it off?
As @gcusello said - the only way for the free license to reset itself is to wait for 30 consecutive days without exceeding quota.
Of course, you can just back up your config, scrap your environment, reinstall it and start a fresh one if your already ingested data is not so important that you couldn't live without it.
But if I remember correctly, if you exceed your license and your search gets blocked, you can still search from _internal, which means you should be able to report from the metrics data contained there - license usage, per-source thruput and so on.
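As an added example that is not part of the original thread: the license usage events mentioned above can also be totalled straight from the log file when the search UI is blocked. The sketch assumes the `type=Usage` key=value layout of `license_usage.log` (fields `h` host, `s` source, `st` sourcetype, `idx` index, `b` bytes); the sample lines are constructed and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample in the key=value layout of license_usage.log (not real data).
SAMPLE = """\
01-15-2024 03:10:00.000 -0500 INFO  LicenseUsage - type=Usage s="udp:514" st="syslog" h="pi-dns" o="" idx="main" pool="auto_generated_pool_free" b=3900000000 poolsz=524288000
01-15-2024 03:11:00.000 -0500 INFO  LicenseUsage - type=Usage s="/var/log/nginx/access.log" st="access_combined" h="vm-web" o="" idx="main" pool="auto_generated_pool_free" b=120000000 poolsz=524288000
01-15-2024 03:12:00.000 -0500 INFO  LicenseUsage - type=Usage s="udp:514" st="syslog" h="pi-dns" o="" idx="main" pool="auto_generated_pool_free" b=400000000 poolsz=524288000
01-15-2024 03:13:00.000 -0500 INFO  LicenseUsage - type=Usage s="" st="stash" h="" o="" idx="summary" pool="auto_generated_pool_free" b=5000000 poolsz=524288000
01-16-2024 00:00:00.000 -0500 INFO  LicenseUsage - type=RolloverSummary pool="auto_generated_pool_free" b=4425000000 poolsz=524288000
"""

# key=value pairs, where the value is either "quoted" or a bare token
KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def parse_usage(line):
    """Return the fields of a type=Usage event, or None for any other line."""
    fields = {k: quoted or bare for k, quoted, bare in KV.findall(line)}
    if fields.get("type") != "Usage" or not fields.get("b", "").isdigit():
        return None
    return fields

def usage_by(lines, keys=("h", "st", "idx")):
    """Sum licensed bytes (b) per combination of the given fields."""
    totals = Counter()
    for line in lines:
        f = parse_usage(line)
        if f is None:
            continue  # rollover summaries and unrelated lines are not counted
        # Splunk can leave h/s blank when it squashes high-cardinality tuples
        key = tuple(f.get(k) or "(squashed)" for k in keys)
        totals[key] += int(f["b"])
    return totals

def top_talkers(lines, n=5):
    """Largest contributors first, as ((host, sourcetype, index), bytes)."""
    return usage_by(lines).most_common(n)

if __name__ == "__main__":
    for key, b in top_talkers(SAMPLE.splitlines()):
        print(f"{b / 1024**2:10.1f} MB  host={key[0]} sourcetype={key[1]} index={key[2]}")
```

To use it on a real instance, feed it the lines of the license usage log instead of `SAMPLE`; the top entry is the host and sourcetype to look at first.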
Hi @angelomileto,
If you are already in violation, you can only ask Splunk for a reset code, but they'll give it only if you're a customer.
If you aren't yet in violation, you have to wait for 30 days, because you can exceed the license limit two times in 30 solar days without violation.
Ciao.
Giuseppe