uberAgent Support
  1. uberAgent Support
  2. Splunk

What to Do When You Get Splunk License Errors

Avatar
Helge Klein
Follow

What Are Splunk License Warnings and Violations?

The Splunk documentation explains license warnings and violations as follows:

Warnings and violations occur when you exceed the maximum indexing volume allowed for your license.

If you exceed your licensed daily volume on any one calendar day, you will get a violation warning. The message persists for 14 days. If you have 5 or more warnings on an Enterprise license or 3 warnings on a Free license in a rolling 30-day period, you are in violation of your license, and search will be disabled for the offending pool (but indexing continues). Search capabilities return when you have fewer than 5 (Enterprise) or 3 (Free) warnings in the previous 30 days, or when you apply a temporary reset license (available for Enterprise only).

Symptoms of Splunk License Violations

When a license violation occurs you typically get this message:

Error in 'litsearch' command: Your Splunk license expired or you have exceeded your license limit too many times. Renew your Splunk license by visiting www.splunk.com/store or calling 866.GET.SPLUNK.

What You Can Do

You can do either one of the following things to get back search functionality:

  • Send less data to Splunk for indexing and then wait until there are no more than three (Splunk Free) / five (Splunk Enterprise) violations in the past 30 days
  • Uninstall and then reinstall Splunk
  • If you are on Splunk Enterprise contact Splunk to get a temporary reset license.
  • If you are trying the product out contact Splunk to get an evaluation license and a temporary reset license.
Have more questions? Submit a request

2 Comments

  • Avatar
    Chris Barlow

    Hi Helge

    Is there any way to reduce how much data uberAgent is generating? For example, by reducing the polling interval, or something along those lines?

    We purchased a certain licence for Splunk with an assumption of how many GBs may be generated by uberAgent and were surprised at the volume. It's only taken a week for the licence violation to appear. It will be difficult for us to obtain a new licence in the short term.

    Any thoughts?

  • Avatar
    Chris Barlow

    Thanks for the response via the support ticket. I will leave this article here on reducing the data volume in case it helps anyone else - https://uberagent.com/documentation/reducing-the-data-volume/

Please sign in to leave a comment.