Re: Not able to read windows registry using SPLUNK...

nandkumar90 · ‎11-21-2017

I am trying to read registry on my local windows system.
I have setup registry monitoring index and launch the search.
. I have not used our local system for any other search before this but still facing license issue.
Here is splunk log:

"ShutdownLevel_ApplicationLicenseChecker"
11-21-2017 18:08:55.214 INFO  ShutdownHandler - shutting down level "ShutdownLevel_S3ConnectionPoolManager"
11-21-2017 18:08:55.214 INFO  ShutdownHandler - Shutdown complete in 1000 microseconds
11-21-2017 18:08:55.214 ERROR dispatchRunner - RunDispatch::runDispatchThread threw error: Error in 'litsearch' command: Your Splunk license expired or you have exceeded your license limit too many times. Renew your Splunk license by visiting www.splunk.com/store or calling 866.GET.SPLUNK.

Any help?

richgalloway · ‎11-21-2017

Exceeding your license is the result of indexing too much data. It's unrelated to searching except for being blocked from doing searches until the violation is resolved.
Windows logs are very verbose so it's very easy to exceed a small license just by indexing Windows events. Review what you are indexing and reduce it to only the minimum. Then contact Splunk for a key to unlock your ability to search.

---
If this reply helps you, Karma would be appreciated.

Not able to read windows registry using SPLUNK on local windows system

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!