I think I'm exceeding my daily limit

strongmd15 · ‎10-24-2018

I'm using the free splunk enterprise. I have got to module 6 and when I perform the searches in the module the data is not there. I'm sure I saved it after every module. I'm not sure what is going on. How can I reset and start fresh?

pramit46 · ‎10-24-2018

@strongmd15

The free license lets you index up to 500MB per day. I doubt if your tutorial data is that big. If it is, then you might want to cut it short in order to save the license volume.

But if it is not, then the problem is somewhere else. Let me suggest you a workaround first. You could just simply create another index and index the data one more time and perform all your future searches on that new index.

Now, let's look at the issue you are facing right now. There could be multiple reasons behind not being able to fetch the data. Going by your claim of saving the data, I would need to see your search string. Please ensure you are using the index name (along with any other conditions you may want to add) because one of the default user control settings require you to use the index name in order to search. Please also ensure to provide the correct time window.

Let me know if these help.

I think I'm exceeding my daily limit

Can’t make it to .conf25? Join us online!

Community Content Calendar, September edition

Splunkbase Unveils New App Listing Management Public Preview

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

Are you a member of the Splunk Community?

I think I'm exceeding my daily limit

Can’t make it to .conf25? Join us online!

Community Content Calendar, September edition

Splunkbase Unveils New App Listing Management Public Preview

Leveraging Automated Threat Analysis Across the Splunk Ecosystem