I have a problem with Splunk and I can't really understand how to debug or solve it.
I got the following issues on my license:
I got these violations but I can't figure out what exactly is the violation or what is causing it. I'm not a Splunk expert and would appreciate some guidance into what do I do here as my searches are disabled.
Would also point out that I had a free license and I've installed a dev one several weeks ago.
You're indexing more data than your license allows. Go to Settings->Monitoring Console->Indexing->License Usage->License Usage - Previous 30 Days. There, you can break down your usage by index or source to see where all the data is coming from. Once you find the offending data source, disable it or tune it to send less data.
I did have an issue with a free license, but I installed a dev one since.
The problem is that from what I read the new license was suppose to reset my violations but it didn't. Is that something I should be contacting support with or did I do something wrong?
Since the new license was installed I didn't violate my pool once.