Installation

Splunk License Hard Warning

rohitvjoshi
Path Finder

Hi Splunkers ,

We having 100 GB to license ,Out of 100 GB , we have 50 GB License having "Splunk Enterprise - No Enforcement (6.5 )" and Rest 50GB having "Splunk Enterprise " License.Due to high flow of logs we have exceeded license 3 times in this rolling month. What will be impact if we cross 5 HARD WARNINGS in upcoming weeks ? We went throught the SPlunk Documentation , I am having bit confusion beacuse we having 2 differnt type of Licenses with us .

Thanks
RJ

Labels (1)
0 Karma
1 Solution

dkeck
Influencer

Hi,

your No Enforcement License should have a GB volume of 0 and its only use is that your search function is not blocked if you exceed your license 5 times. So as long as you have a license like that and your stack has a "No Enforcement " in it you should be good even if you exceed it.

The license without "No Enforcement" are probably just older than 6.5. You can check the creation_time in All licenses details on your license master. Newer license 6.5 and older (just guessing) are named Splunk No Enforcement 6.5 .

Kind Regards

View solution in original post

0 Karma

mayurr98
Super Champion

Hi

Starting with version 6.5, Splunk Enterprise no longer disables search when you exceed your licensed data ingestion quota. Users can keep searching even if the license master acquires five license violation warnings in a 30 day window. The license master is still in violation, but search is no longer blocked.

have a look at this doc:
https://docs.splunk.com/Documentation/Splunk/7.2.3/Admin/TypesofSplunklicenses#No-enforcement_licens...

Also have you gone through splunk enterprise license FAQ's
https://www.splunk.com/en_us/resources/splunk-enterprise-metered-license-enforcement-faq.html

let me know if this helps!

0 Karma

dkeck
Influencer

Hi,

your No Enforcement License should have a GB volume of 0 and its only use is that your search function is not blocked if you exceed your license 5 times. So as long as you have a license like that and your stack has a "No Enforcement " in it you should be good even if you exceed it.

The license without "No Enforcement" are probably just older than 6.5. You can check the creation_time in All licenses details on your license master. Newer license 6.5 and older (just guessing) are named Splunk No Enforcement 6.5 .

Kind Regards

0 Karma
Get Updates on the Splunk Community!

Technical Workshop Series: Splunk Data Management and SPL2 | Register here!

Hey, Splunk Community! Ready to take your data management skills to the next level? Join us for a 3-part ...

Spotting Financial Fraud in the Haystack: A Guide to Behavioral Analytics with Splunk

In today's digital financial ecosystem, security teams face an unprecedented challenge. The sheer volume of ...

Solve Problems Faster with New, Smarter AI and Integrations in Splunk Observability

Solve Problems Faster with New, Smarter AI and Integrations in Splunk Observability As businesses scale ...