I have installed Splunk Enterprise on Ubuntu 20.04 two times now, but I get warnings from licensing when adding sources.
I installed a 5GB/days license and added a syslog udp/1514 and a new index. After this splunk starts complaining about:
This deployment is subject to license enforcement. Search is disabled after 45 warnings over a 60-day window Learn more
Licensing alerts notify you of excessive indexing warnings and licensing misconfigurations
1 cle_pool_over_quota message reported by 1 indexer Correct by midnight to avoid warning
Can anyone help me in the right direction ? The total amout of data = 0MB, so this is clearly not correct.