Hello Splunk support,
I have a free splunk license with 500MB per day. The deployment is following:
1 indexer
2 forwarders ( 1 disabled, 1 active )
License is not expired. Search is not working. Volume used today 256MB.
The issues were from pools. Firstly auto_generated_pool_download_trail, and right now auto_generated_pool_free.The message is: This pool contains 1 slave/s in violation
I have 1 pool violation and warning. 13 pool quota overage warnings.
Any help would be appreciated.
Thank you in advance,
this is not splunk support, this is answers,
not sure what help you are seeking but it sounds like you can not search since you violated your free license.
there are couple options:
1. wait until violations expire (i think it takes a month or so)
2. remove splunk completely, and install a new one
3. if the above doesnt work, create a VM (our launch a cloud instance) and install new splunk there
Exactly that's what I'm seeking, but I'm not sure why violation happened since custom index receiving data is restricted to 500MB.
Thank you for proposed options!
Best regards,
the size of your index doesnt matter, the only thing that matters is how much data was indexed.
you can index terabytes of data to a 2 gb index, and splunk will index and throw data as long as it comes
converting to an answer,
hope it helps and