Hello Team Splunk!
I am having some trouble interpreting the license usage page in Splunk Enterprise. Figures 1 and 2 below show the parts I am confused about. Figure 1 shows that there was some type of license violation on July 25, 2018 while Figure 2 shows this date without any skyrocketing bar indicating that index went over its allowance of data, 500MB per day.
Also, does anyone know what "stack size" means in Figure 2?
Also, in Figure 1, how can a warning be generated if the poolsize is equal to zero? Seems like a warning would be generated if the poolsize is over 524288000 Bytes. I looked this up and found that 500 MB = 524288000 Bytes (in binary). Of course 500MB is the limit on the amount of data that the indexer can consume with the free license.
Figure 1: July 25, Poolsize = 0 bytes
Figure 2: Daily License Usage
... View more