Splunk Enterprise

Why does Splunk Licensing Warnings pop up when adding sources after installing Splunk Enterprise on Ubuntu 20.04?

jonare
Engager

Hello

I have installed Splunk Enterprise on Ubuntu 20.04 two times now, but I get warnings from licensing when adding sources.

I installed a 5GB/days license and added a syslog udp/1514 and a new index. After this splunk starts complaining about:

 

This deployment is subject to license enforcement. Search is disabled after 45 warnings over a 60-day window Learn more

Licensing alerts notify you of excessive indexing warnings and licensing misconfigurations

 

 

1 cle_pool_over_quota message reported by 1 indexer	Correct by midnight to avoid warning

 

Can anyone help me in the right direction ? The total amout of data = 0MB, so this is clearly not correct.

Regards, Jon

Labels (1)
0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Updates (ESCU) - New Releases

In the last month, the Splunk Threat Research Team (STRT) has had 3 releases of new content via the Enterprise ...

Thought Leaders are Validating Your Hard Work and Training Rigor

As a Splunk enthusiast and member of the Splunk Community, you are one of thousands who recognize the value of ...

.conf23 Registration is Now Open!

Time to toss the .conf-etti 🎉 —  .conf23 registration is open!   Join us in Las Vegas July 17-20 for ...