Security

License violations help

mmorley
New Member

I sent splunk an email for advice about swapping to a free licence before the trial ran out, but never got any help and have noticed today it must have ran out recently as I now have some licence violations. I've also updated the license to the free version today and also updated the application.

Under current it lists the following twice and that must correct by midnight to avoid violation

1 pool warning reported by 1 indexer

then under permanent it says

3 license window warnings reported by 1 indexer

then under local server information it reports

Licensed daily volume 500mb
Volume used today 0mb (0.003% of quota)
Warning count 3

How do i get rid of these errors without losing all my data as trying to find it through the help pages isn't very informative

Tags (1)
0 Karma

sdaniels
Splunk Employee
Splunk Employee

Read this for your options:

http://splunk-base.splunk.com/answers/43083/free-license-violation-how-to-fix-and-prevent-recurrence

The options you have are the following since you only have 500 MB per day for free:

  • buy a splunk enterprise license, and get a reset key from support.
  • reinstall a new trial instance and migrate your data... every 30 days.
  • limit the data volume

You can do this to help you manage the data volumes:

http://splunk-base.splunk.com/answers/32174/is-there-a-way-to-isolate-erratichigh-volume-sources-to-...

0 Karma

yannK
Splunk Employee
Splunk Employee

FYI, while in violation, the indexer continues to index data, but can still record new daily license warnings.

With a splunk enterprise license with splunk support contract, you can ask for reset key.
If you are using splunk free, you have to wait 30 days without new warnings for the violation to reset by itself.

Otherwise, reinstall splunk and move the old buckets to the new install.

0 Karma

mmorley
New Member

thanks for the link, but i didn't find it of much use, as does not really tell you how to resolve the problems

due the problems this app is causing i'm going to move to syslog watcher 4

0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...