I have been trialing Splunk now for the duration of the Free-Enterprise license and would now like to move over to the free license.
I have tried this on another test box which I have and I am still receiving this error when I try search the data:
Error in 'litsearch' command: Your Splunk license expired or you have exceeded your license limit too many times. Renew your Splunk license by visiting www.splunk.com/store or calling 866.GET.SPLUNK.
On this test box I am not sending too much data (only one firewall), so would expect this not to exceed the 500Mb limit.
I have ran the below command on the test server to show a 48h period and its no-where near the limit, or is it?...
index=_internal earliest=-48h source=*metrics.log per_index_thruput | eval mb=kb/1024 | stats sum(mb) by series
1 _audit 0.361480773
2 _internal 46.5331381808
3 main 78.1099844046
Can anyone advise on the best way to migrate or clear this error?
... View more