Installation
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Splunk doesn't work after enterprise license expiry!

ankurdotshah
New Member
‎06-24-2014 12:55 PM

So we had an enterprise license for 60 days, after the expiry, we were downgraded to the free version but Splunk stopped indexing/searching our files. Apparently after the license expiry (and some license expiry warning) if you don't upgrade in time, you can't use the product for 30 days even though you were downgraded to the free version and your size limit is well within 500 MB.

This is a major issue for us and i am not sure why Splunk behaves this way. Any pointers on how to get unblocked on this so that we don't have to wait for 30 days would be much appreciated?

Labels (2)
Labels
Tags (3)
0 Karma
Reply

grijhwani
Motivator
‎06-24-2014 03:22 PM

That should not be the case. Are you sure this was triggered by the trial licence expiry, and not some other material change. Any Enterprise features you were using will naturally be disabled once the licence is downgraded, but that should not affect basic indexing and searching features. If you blow the 500MB limit 3 times, THEN the searching will shutdown until the exceptions number less than 3 days in the last 30.

I can guarantee yo that it continues to work after a licence downgrade under normal circumstances. I use the free version here, at home. "Can't use" is a very vague term. How does this inability to use it manifest itself?

0 Karma
Reply

grijhwani
Motivator
‎06-24-2014 05:58 PM

There are two solutions:-

1) backup your indexes, a clean re-install (and then possibly re-import your indexes), then make sure you don't exceed your cap this time.

2) Buy an enterprise licence.

0 Karma
Reply

grijhwani
Motivator
‎06-24-2014 04:39 PM

You can't ignore the warnings and expect nothing to result. One difference between the enterprise and free licence is that free only allows 2 exceptions in 30 days, and will shut you out on the third, whilst the enterprise licence allows 4 and will shut you out on the 5th, which is probably why you have been closed out since the downgrade. The product appears to be behaving exactly as the terms and conditions tell you it will.

Reply

grijhwani
Motivator
‎06-24-2014 04:39 PM

How do you know it is no longer indexing? It should continue indexing, even when the search if locked out due to a licence violation. The fact that you had warnings BEFORE the licence expiry suggests that whilst you may not have blown the cap after the expiry, you did beforehand, and as long as those execeptions remain within the last 30 days then you are in violation of the free licence.

contd...

0 Karma
Reply

ankurdotshah
New Member
‎06-24-2014 03:37 PM

Thanks for the response. When i say, it doesn't work, i meant that Splunk stops indexing the file and we can no longer search through the logs. We didn't blow through our cap space of 500 MB, the only thing that happened was we got several licensing warnings leading up to the trial expiry. We ignored that thinking that we'd get downgraded to the free product which did happen just that we were told that there's that 30 day period until which the indexing/searching won't work.

0 Karma
Reply
Get Updates on the Splunk Community!

Introducing Edge Processor: Next Gen Data Transformation

We get it - not only can it take a lot of time, money and resources to get data into Splunk, but it also takes ...

Take the 2021 Splunk Career Survey for $50 in Amazon Cash

Help us learn about how Splunk has impacted your career by taking the 2021 Splunk Career Survey. Last year’s ...

Using Machine Learning for Hunting Security Threats

WATCH NOW Seeing the exponential hike in global cyber threat spectrum, organizations are now striving more for ...