Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Index violation maximum?

alexbarron
Engager
‎02-29-2012 10:04 PM

Let's say I have a 5GB license. I understand that if I exceed 5GB in a day, I will incur a violation. The violation will most likely be only one or two GB above my license limit. What if, however, I suddenly index something significantly above my license? For example, 200GB. Is there any sort of additional restriction or punishment on this or does it just count as a standard violation like 7GB would?

Splunk continues to index all your data even if you have several violations but it seems unlikely they would index 200GB of data if your license is only 5GB. There must be some kind of maximum.

0 Karma
Reply

gkanapathy
Splunk Employee
Splunk Employee
‎02-29-2012 10:53 PM

no. once you are over for a day, it is single violation, even if it is significantly over. there is no maximum (other than limits of your system and hardware).

Reply
Get Updates on the Splunk Community!

Enhance Security Visibility with Splunk Enterprise Security 7.1 through Threat ...

(view in My Videos)Struggling with alert fatigue, lack of context, and prioritization around security ...

Troubleshooting the OpenTelemetry Collector

  In this tech talk, you’ll learn how to troubleshoot the OpenTelemetry collector - from checking the ...

Adoption of Infrastructure Monitoring at Splunk

  Splunk's Growth Engineering team showcases one of their first Splunk product adoption-Splunk Infrastructure ...