Monitoring Splunk
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Daily indexing volume exceeded.

smolcj
Builder
‎11-08-2012 03:23 AM

Hi all, I am sorry to ask you this question, which has already answered several times before.
Do i have to remove those indexed data before midnight. i failed to do it. will it be a issue later. or the message will disappear after 14 days?
Thank you

Tags (1)
Reply
1 Solution
Solved! Jump to solution
Solution

alacercogitatus
SplunkTrust
SplunkTrust
‎11-08-2012 04:06 AM

You should never have to remove or lose data for a violation. If you violate your license too many times, search will be disabled. The message will go away after a while, yes.

View solution in original post

Reply
Solved! Jump to solution

DaveSavage
Builder
‎11-08-2012 04:10 AM

Check out: http://docs.splunk.com/Documentation/Splunk/4.3.4/Admin/Aboutlicenseviolations

0 Karma
Reply
Solved! Jump to solution

DaveSavage
Builder
‎11-08-2012 04:07 AM

Splunk (in my experience) are not mean on this subject. If you have 3 strikes in a calendar month then it will stop searches. Spikes due to initial start up / take-on are sort of expected because it is difficult to calculate with great certainty what you need. If your problem is recurrent and persistent then talk to sales.

0 Karma
Reply
Solved! Jump to solution

DaveSavage
Builder
‎11-08-2012 07:13 AM

@sowings - absolutely correct, a slip of imprecision on my behalf there. Amended. Thanks

0 Karma
Reply
Solved! Jump to solution

sowings
Splunk Employee
Splunk Employee
‎11-08-2012 04:22 AM

To be clear, it stops allowing search, except on the _internal index; it doesn't stop indexing.

0 Karma
Reply
Solved! Jump to solution
Solution

alacercogitatus
SplunkTrust
SplunkTrust
‎11-08-2012 04:06 AM

You should never have to remove or lose data for a violation. If you violate your license too many times, search will be disabled. The message will go away after a while, yes.

Reply
Get Updates on the Splunk Community!

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

It’s Monday morning, and your phone is buzzing with alert escalations – your customer-facing portal is running ...

What’s New in Splunk Observability – September 2025

What's NewWe are excited to announce the latest enhancements to Splunk Observability, designed to help ITOps ...

Fun with Regular Expression - multiples of nine

Fun with Regular Expression - multiples of nineThis challenge was first posted on Slack #regex channel ...