The venerable old-skool Splunk forums are now closed. Feel free to search for old content here, but new posts are no longer supported.
Instead, please visit the thriving community at answers.splunk.com to ask and answer questions about your Splunk deployment and how to get the most out of it.
Previous Topic: splunk not eating files from var/spool/splunk | Next Topic: Real-time Indexing with Free version
Posts 1–3 of 3
I just decided to try out the free 30-day Enterprise license and after I restart Splunk it says I have exceeded my 5GB/day limit...however this system would be nowhere near 5GB of log data and when I go to the Admin interface and click on "Indexes" and total up the index sizes it doesn't exceed 500MB.
I don't understand how the 5GB/day limit would ever be hit or how Splunk would interpret it to be... Any info would be appreciated.
Thanks.
Just an update on this issue I seem to have encountered something strange... because when I go into Admin console and view the License and Usage it says:
Product Enterprise Splunk
License Level 5.00 GB/day
Expiration Date 06/14/2009
Time Remaining 29 days
(renew)
Peak Usage 0.84 GB/day
Peak % 16.9%
License violations You have 1 license violation:
05/15/2009 Indexed 363.48 MB over quota
So I am thinking that maybe because I had a violation on my Free license (500MB/day) and have now changed the license to the Free Enterprise one (5GB/day) that it has just simply carried the violation over to the updated license? Wouldn't this be a little bit of an error though since the violation should essentially be wiped when the license is upgraded?
Thanks.