I just set up Splunk yesterday, running the free edition for now. I'm indexing about 100-150MB a day tops. Yesterday I loaded up a bunch of historical data and got a violation as expected, however today I'm now seeing "This pool contains slave(s) with 1 warnings" as a current alert telling me to correct before midnight with absolutely ZERO indication as to what the real issue is, along with the expected permanent violation.
What gives here? I have no slaves, just forwarders, and currently the licensing manager is showing our volume used today as 114 MB out of the 500MB quota. Am I going to get another violation for uh, not violating the license? If that's not the case, this should really be reworded to not raise alarm.
... View more