- Splunk Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- Quota=0 bytes for 3 days. How do i reenable search...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Quota=0 bytes for 3 days. How do i reenable search ?
Hi
I have been using trial version and it expired during Christmas. Now i had expected to use the free version instead, but i cannot search as my license has been violated for 3 days with this error message : Indexing quota exceeded for this pool, quota=0 bytes
Is it possible to unlock the free license or do i have to buy a license to see my log data during the Christmas (as i have installed Splunk i do not have any other syslog logs). Is it possible to search log data looking in textfiles instead ?
Regards, Lars
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You do not need to reinstall!
Simply log in as administrator, and change the license group to "Free License" (Settings, Licensing, "Change license group" button). This assumes you are under the free quota of 500/mb per day (check your usage report in the Licensing dashboard).
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Just wanted to say thanks for this post. I was having the same exact issue becuase I was testing splunk with everything under the sun and did not notice that the trial expired while I was on vacation.
By the way Splunk is a great tool. using the free version now and working on getting the purchase worked into the budget. It smokes the rest of the logging tools that I currently use.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thank you for your reply.
I made a backup of the old splunk directory and made a fresh install of Splunk. After setting up the free license i followed your guide, but copied only the defaultdb directory. After restart and reconfigure my installation worked again.
Regards - Lars
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Great! Don't forget to click on the tick to the left of my answer to accept it! 🙂 It makes the question/answer pair more useful for those in the future with the same problem
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Have a read of;
http://docs.splunk.com/Documentation/Splunk/latest/Admin/Aboutlicenseviolations
Essentially your search functionality will return after a period of 30 days of non violation from the date of your last violation, during this time you cannot effectively search your data. You could search the original data before it was indexed (log files, event logs etc) but obviously this would be without the aid of Splunk.
You can't get an unlock license for a free license, but if you were up for the effort you could always install a second instance of Splunk server, switch it to a free license and migrate the buckets across;
http://docs.splunk.com/Documentation/Splunk/latest/admin/MoveAnIndex
The above link gives some detail on how to do this, I don't forsee any issues with that method if you wanted instant access again but as with everything I would backup your previous install in its entirety before trying anything.
Welcome to the Splunk Community!
Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM
Adoption of RUM and APM at Splunk
