Hi!
So, we have a license issue. Looks like a common problem. If I'm right we need to wait 30 days or reset the license.
Before buying a license we would like to test the product a bit more.
So let me know if this is possible, or if we have to do anything more to fix it.
Thanks a lot for your support. Splunk roxxxx ! 😃
The Alerts messages :
Current:
1 pool warning reported by 1 indexer Correct by midnight to avoid violation Learn more
1 pool violation reported by 1 indexer Correct by midnight to avoid violation Learn more
Permanent:
6 license window warnings reported by 1 indexer 1 day ago
Hi espacepro,
please read this http://answers.splunk.com/answers/66786/free-license-reset for a start, getting a reset license for Splunk free is more difficult then follow the backup everything and re-install approach.
Or talk to the Splunk Sales to get you a Enterprise trial license.
cheers, MuS
Taking a chance on replying to this old thread.... there are probably a lot of you out there with the same issue.
I am running the free license for learning and lab purposes at home feeding it whatever that could be interesting.
After numerous times getting this hit by free license violation due to some system decided to send a lot of data to Splunk after a reconfiguration or change in traffic pattern, I have learned how to rebuild it.
Email forwarding and alerts are not available with the free license, we have to connect every day and check messages for any license violations. Since this was not too practical I decided to write a script using the CLI and sendmail. This is now added to crontab running each day shortly after midnight. It will send me an email with the last 4 days of license usage like below:
time usage ---------- ----- 2020-06-11 41.02 2020-06-10 32.18 2020-06-09 20.99 2020-06-08 16.44
Here is my script:
#!/bin/bash # Email last days of Splunk license usage - file: license-check.sh # Emails settings
# From is optional - will use hostname if not specified FROM=my_from_address@example.com TO=your_email_address@example.com BODY_FILE=/root/mail.txt # run splunk search
/opt/splunk/bin/splunk search 'index=_internal [`set_local_host`] source=*license_usage.log* type="RolloverSummary" earliest=-3d@d | eval usage=round(100*b/poolsz,2) | eval time=strftime(_time, "%F") | table time usage ' > $BODY_FILE # send the report with sendmail
(cat - $BODY_FILE)<<HEADERS_END | /usr/sbin/sendmail -i $TO
Subject: Splunk License usage
To: $TO
From: $FROM HEADERS_END
Add the file to crontab:
10 0 * * * /root/license-check.sh
Modify your postfix install to use a relay host /etc/postfix/main.cf
... and that's all.
Although not the best practice to run under root, but it works....
Hi espacepro,
please read this http://answers.splunk.com/answers/66786/free-license-reset for a start, getting a reset license for Splunk free is more difficult then follow the backup everything and re-install approach.
Or talk to the Splunk Sales to get you a Enterprise trial license.
cheers, MuS