Free license extension?

espacepro
New Member

Hi!

So, we have a license issue. Looks like a common problem. If I'm right we need to wait 30 days or reset the license.

Before buying a license we would like to test the product a bit more.

So let me know if this is possible, or if we have to do anything more to fix it.

Thanks a lot for your support. Splunk roxxxx ! 😃

The alert messages:

Current:
1 pool warning reported by 1 indexer Correct by midnight to avoid violation Learn more
1 pool violation reported by 1 indexer Correct by midnight to avoid violation Learn more

Permanent:
6 license window warnings reported by 1 indexer 1 day ago

0 Karma
1 Solution

MuS
Legend

Hi espacepro,

please read this http://answers.splunk.com/answers/66786/free-license-reset for a start; getting a reset license for Splunk free is more difficult than following the backup-everything-and-re-install approach.
Or talk to Splunk Sales to get you an Enterprise trial license.

cheers, MuS

hnorvik
Explorer

Taking a chance on replying to this old thread... there are probably a lot of you out there with the same issue.
I am running the free license for learning and lab purposes at home, feeding it whatever could be interesting.

After numerous times getting hit by a free license violation because some system decided to send a lot of data to Splunk after a reconfiguration or change in traffic pattern, I have learned how to rebuild it.

Email forwarding and alerts are not available with the free license; we have to connect every day and check messages for any license violations. Since this was not too practical, I decided to write a script using the CLI and sendmail. This is now added to crontab, running each day shortly after midnight. It will send me an email with the last 4 days of license usage, like below:

   time    usage
---------- -----
2020-06-11 41.02
2020-06-10 32.18
2020-06-09 20.99
2020-06-08 16.44

Here is my script:

#!/bin/bash
# Email last days of Splunk license usage - file: license-check.sh
# Email settings
# From is optional - will use hostname if not specified
FROM=my_from_address@example.com
TO=your_email_address@example.com
BODY_FILE=/root/mail.txt

# run splunk search and write the result table to the body file
/opt/splunk/bin/splunk search 'index=_internal [`set_local_host`] source=*license_usage.log* type="RolloverSummary" earliest=-3d@d | eval usage=round(100*b/poolsz,2) | eval time=strftime(_time, "%F") | table time usage ' > "$BODY_FILE"

# send the report with sendmail: headers come from the here-document,
# and the blank line before HEADERS_END separates them from the body
(cat - "$BODY_FILE")<<HEADERS_END | /usr/sbin/sendmail -i "$TO"
Subject: Splunk License usage
To: $TO
From: $FROM

HEADERS_END

Add the file to crontab:

10 0 * * * /root/license-check.sh

Modify your postfix install to use a relay host in /etc/postfix/main.cf

... and that's all. 

Although not the best practice to run under root, it works....

0 Karma
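
An added example, not part of hnorvik's post or of Splunk's tooling: a small classifier for the `table time usage` report shown above, so that a run with no rows (for example a failed search) or a day above the pool size can be distinguished from a normal report. The function names, the `WARN_PCT` threshold and both sample reports are assumptions made for illustration.

```shell
#!/bin/bash
# Added example: classify the "time usage" report written by license-check.sh.
# usage is percent of the license pool (100*b/poolsz in the search above).
WARN_PCT=80   # assumed warning threshold, in percent of the pool

# Reads the report on stdin and prints OK, WARN, OVER or NODATA.
license_status() {
    awk -v warn="$WARN_PCT" '
        # Data rows look like "YYYY-MM-DD <number>"; this skips the header
        # line and the dashed separator.
        $1 ~ /^[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]$/ && $2 ~ /^[0-9]+(\.[0-9]+)?$/ {
            rows++
            if ($2 + 0 > max) max = $2 + 0
        }
        END {
            if (rows == 0)        print "NODATA"  # search failed or returned nothing
            else if (max > 100)   print "OVER"    # at least one day above the pool size
            else if (max >= warn) print "WARN"
            else                  print "OK"
        }'
}

# Reads the report on stdin and prints the "date usage" rows at or above WARN_PCT.
days_over_threshold() {
    awk -v warn="$WARN_PCT" '
        $1 ~ /^[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]$/ && $2 + 0 >= warn { print $1, $2 }'
}

# Constructed sample in the layout shown in the post.
SAMPLE_REPORT='   time    usage
---------- -----
2020-06-11 41.02
2020-06-10 32.18
2020-06-09 20.99
2020-06-08 16.44'

# Constructed sample with one day above the pool size.
SAMPLE_OVER='   time    usage
---------- -----
2020-06-11 104.50
2020-06-10 82.00'
```

Run as `license_status < "$BODY_FILE"`, the result can be placed in the Subject header so that OVER and NODATA mails stand out from routine ones.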
