We are a small Managed Service Provider (MSP) currently testing Splunk with a deployment on a Windows 2019 server using a trial version. After adding a remote device and integrating the Fortinet FortiGate App for Splunk, the system functioned well initially. However, the next day, we noticed that the system encountered 5 violations in one night. Subsequently, when accessing the dashboard, we were greeted with the following message: "Error in 'rtlitsearch' command: Your Splunk license expired or you have exceeded your license limit too many times. Renew your Splunk license by visiting www.splunk.com/store." Is there a way to resolve this issue without performing a full reinstall? Additionally, is there a way to set a limit on the amount of data being indexed to avoid triggering the violation? I have come across references to routing logs to the "nullQueue" and would appreciate feedback from the community on this approach or any other recommended solutions. Thank you in advance for your help!
... View more