Splunk Enterprise

How do I remove these messages?

felizsoc1
Engager

How do I remove these messages? And keep my license free operativealt text

Tags (2)
0 Karma

richgalloway
SplunkTrust
SplunkTrust

Removing the messages is easy - just click the "Delete All" button. Keeping them from coming back is another matter. The only way (aside from getting a bigger license) is to reduce the amount of data you ingest each day to below your license limit. Look for the most common sources and sourcetypes as they are probably sending the most data. Windows event logs and Linux audit logs tend to be very verbose as can performance metrics. Turn off the performance data you don't need and increase the interval between the metrics you do need. Consider filtering out unneeded events/audit.

---
If this reply helps you, Karma would be appreciated.

felizsoc1
Engager

OK, thank you very much for your answer, I am trying to put my splunk operative one more time

0 Karma

felizsoc1
Engager

How to reduce the amount of data that Splunk ingests each day to be below the license limit?

0 Karma

richgalloway
SplunkTrust
SplunkTrust

The simplest way is to disable inputs you don't need.
Review any wildcarded inputs to make sure they're not including too many files.

---
If this reply helps you, Karma would be appreciated.
0 Karma

felizsoc1
Engager

Many thanks for the answer, I'm trying to disable the performance data I do not need and increase the interval between the metrics I need, but I can not find a configuration menu where I can do it. Could you please help me by telling me where I am doing these tasks?

0 Karma

richgalloway
SplunkTrust
SplunkTrust

The exact steps depend on what metrics you collect and how you collect them. For example, the Splunk Add-on for Unix and Linux has a setup screen where you can choose the metrics that are collected and how often.
Depending on the complexity of your environment, you may be able to edit input.conf files (be sure to put your changes in the local directories) to disable unneeded data.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...