License Violations

Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *

Already have an account? Sign In »

6 hours 3 minutes
Video Transcription
hello and welcome back to the Splunk Enterprise certified Administrator course on Sai Buri. This is less than three point to where we'll discuss license violations.
So the learning objectives for this lesson are gonna be to discuss what license warnings are what constitutes a license violation and also to talk about what the repercussions of a license violation will be.
So why are we learning this? Now that we understand what comprises the license and
what limitations we have,
it's important to understand what the repercussions of violating that license will be. So
it's the next logical step in the process. So a license warning is basically just a internal message generated by Splunk, most likely by the license server, which will be the device that houses the license for your splint enterprise deployment.
It will generate a message in Splunk Web to alert you that, hey, you did exceed your license or the license master was unreachable. And so those are the two instances that one of these warnings would be issued is if in any 24 hour period, you exceed
the license
that you're allocated. So if you bring in a terabyte of data instead of 750 gigabytes in one day than this would trigger a license. And that day is defined by the clock on the license master. It will just go 12 to 12. So
if you
continue to have license warnings,
you will get a license violation. This is gonna differ based on the license type that you have, so we'll dig into that a little bit more in the coming slides.
just know that basically license violations issued by exceeding the number of license warnings allowed by your license or if your license master becomes unreachable for 72 hours or more than you also get a license violation. And the consequences of this is that you're non internal.
Indexes will be Unser chewable
so you could search on like the Internal index and Splunk, but you would not be able to search your actual data. So
keep an interesting key fact to know about this as well, is in the past,
spunky used Teoh have an enforcement license where indexing would be blocked, but they did away with that. And so now they have this, which is referred to as like a non enforcement license and the reason that they call it. That is because, as you can see here,
if you have an enterprise or enterprise infrastructure license
and you exceed your license and produce any number of these warnings in a 30 day period, there will be no violation. So the violation really only applies to your trial dev test or free license. And as you can see in these description blocks of texts,
the other licenses where you can have a violation
that's gonna be you exceed five or more warnings if it's an enterprise trial or whatever test license in a rolling 30 day period, and at that point you're searching would be blocked.
Or if you have a free license and you have a three or more warnings in a 30 day rolling period, then search would be blocked as well. But again, if you have an enterprise or enterprise infrastructure license, there's gonna be no repercussions. Most likely, your sales person will just reach out to you and ask you to either purchase more licensing
or to cut back some of your ingestion.
So in this lesson we covered why a lesson license warning would be generated. What the license warning is
what a license violation is and the repetition, the repercussions of violating your license. So that wraps it up for this module we'll see in the next one.
Up Next