How to resolve Splunk License usage alert?



Can anyone tell me how to resolve a Splunk License alert problem? I have fixed the alarm at 90% so once it will reach 90% how can I solve this issue? In my graph it is showing by host, sourcetype, source, and index that which one is consuming more license? So after seeing the result how to solve this issue?


Labels (1)
0 Karma


To ensure that you don't get any license violations, monitor your license usage and make sure your license volume is sufficient to support your operational usage. If you do not have sufficient license volume you need to either increase your license or can also go for tweaking your indexing volume.


Yes. If you are using Splunk 6.0, you must have set up alert for any of the searches in the License Usage Report View. See Use the License Usage Report View in the Admin Manual. If you are using Splunk 5.x, install the Splunk on Splunk app and you will have access to the same views for your Splunk 5.x installation.

Check the $SPLUNK_HOME/var/log/splunk/license_usage.log, to check which index is more license. How to resolve the issue is check the license usage, get it increased if you are continuously reaching 90% limit.