Splunk Licensing: Enforcement Vs No-Enforcement

Hello everyone. Today we are going to briefly discuss the concepts of the “enforcement” and “no-enforcement” license. This topic is a little bit tricky, so please read it carefully. Hopefully, after reading this blog, all your doubts about “enforcement” and “no-enforcement” licenses will be cleared.
Types of license:
Before starting the main topic, we should know the types of licenses available in Splunk.

1. Splunk Enterprise License
  1.1 Enterprise license
  1.2 Trial license 
      1.2.1 Enterprise trial license
      1.2.2 Sales trial license
  1.3 Dev/ Test license
2. Free license
NOTE: The concept of “enforcement” and “no-enforcement” applies only
      to 1.1 Enterprise license.

License Violation:
If you exceed your daily licensing quota on a single calendar day, it generates one “license warning” (which you can see on your license master by clicking Settings > Licensing). If you get more than five license warnings in a rolling period of 30 days, it counts as one “license violation”.

Splunk Enforcement license:
If your Splunk version is lower than 6.5 and you purchased your license before 27th September 2016, then it comes under an “enforcement” license. In this case, if a license violation occurs, the consequences are as follows.

1. Searching will be disabled, but indexing will continue.
2. Only the “_internal” index will be accessible, so the “monitoring console”
   will still be available for monitoring.
3. To start searching once again, you need to contact a Splunk salesperson to
   purchase a “reset license key”. After you upload that “reset license key” to
   your license master, everything will work as before.

Splunk No-Enforcement license:
If you have Splunk 6.5 or a higher version and you purchased your license on or after 27th September 2016, then it comes under a “no-enforcement” license. In this case, even if a license violation occurs, searching stays enabled and indexing continues. Everything works as before, but it still counts as a license violation.

Scenario 1: Your Splunk version is below 6.5 and licenses purchased before 27th September 2016

If your Splunk version is below 6.5, your license is an “enforcement” one. If you want to upgrade it to “no-enforcement”, you first need to update your license master to 6.5 or a higher version. After that, you need to contact a Splunk salesperson for a “no-enforcement” key and upload that key to your license master. Your existing license will then work as a no-enforcement license.

Scenario 2: Your Splunk version is 6.5 or higher and licenses purchased on or after 27th September 2016

If you purchase any license on or after 27th September 2016, you will be under “no-enforcement” automatically.

Scenario 3: Your Splunk version is below 6.5 and licenses purchased on or after 27th September 2016

In this case, Splunk strongly recommends that you update your environment to 6.5 or a higher version. If that is not possible for the whole environment, you need to upgrade at least the license master to 6.5 or a higher version. Otherwise, even if you purchase a license after 27th September 2016, it will be treated as an “enforcement” license.

NOTE: The concept of enforcement and no-enforcement applies to the Splunk Enterprise license (1.1) only. For the rest of the licenses, if you violate the license, searching will be disabled for the rolling period of 30 days, but indexing will continue. No reset license key is available.
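
The warning and violation rule and the three scenarios above can be modelled in a few lines. This is an added example, not Splunk's code or part of the original post: the function names and usage figures are constructed, it covers only the Enterprise license (1.1), and it assumes the rolling window is the 30 days ending on the day being checked.

```python
from datetime import date, timedelta

CUTOFF = date(2016, 9, 27)      # purchase date that separates the two license kinds
MIN_VERSION = (6, 5)            # license master version needed for no-enforcement
WARNING_LIMIT = 5               # more than five warnings ...
WINDOW_DAYS = 30                # ... in a rolling 30 days is one violation


def license_mode(license_master_version, purchased):
    """Scenarios 1-3: both conditions must hold for automatic no-enforcement.
    The no-enforcement key upgrade from Scenario 1 is not modelled."""
    if license_master_version >= MIN_VERSION and purchased >= CUTOFF:
        return "no-enforcement"
    return "enforcement"


def first_violation(daily_gb, quota_gb):
    """Return the first day whose trailing 30-day window holds more than five
    warning days (days where usage exceeded the quota), or None."""
    warnings = sorted(d for d, gb in daily_gb.items() if gb > quota_gb)
    for i, day in enumerate(warnings):
        window_start = day - timedelta(days=WINDOW_DAYS - 1)
        recent = [w for w in warnings[: i + 1] if w >= window_start]
        if len(recent) > WARNING_LIMIT:
            return day
    return None


def search_available(mode, violated):
    """Only an enforcement license in violation loses search; indexing continues."""
    return not (mode == "enforcement" and violated)


def build_usage(start, days, overage_offsets, normal_gb=80, over_gb=120):
    """Constructed sample data: one usage figure (GB) per calendar day."""
    return {start + timedelta(days=n): over_gb if n in overage_offsets else normal_gb
            for n in range(days)}


START, QUOTA_GB = date(2024, 3, 1), 100
SPREAD = build_usage(START, 40, {0, 3, 7, 10, 14, 35, 36})  # 7 warnings, never 6 in 30 days
BURST = build_usage(START, 40, {0, 3, 7, 10, 14, 20})       # 6 warnings inside 30 days

if __name__ == "__main__":
    for name, usage in (("spread", SPREAD), ("burst", BURST)):
        hit = first_violation(usage, QUOTA_GB)
        for version, bought in (((6, 4), date(2016, 10, 1)), ((6, 5), date(2016, 10, 1))):
            mode = license_mode(version, bought)
            print(name, version, mode, "violation:", hit,
                  "search:", search_available(mode, hit is not None))
```

The “spread” data set has seven warning days in total yet never violates, because the early warnings age out of the 30-day window before the late ones arrive.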

The legal obligation in case of no-enforcement:
After a license violation, everything keeps working and searching continues as before, but it still counts as a license violation. Under the earlier enforcement policy, disabling search caused a huge, critical disruption to the organization or business. That is why the concept of no-enforcement came into the picture. The legal policies, however, are the same as before. According to that policy, you still can’t exceed your license quota, and if you breach it, Splunk can audit the license usage of its clients at any point in time. You may also face problems because of this illegal activity.

To know more about the legal obligation click here.

Hope you have understood : Splunk Licensing: Enforcement Vs No-Enforcement

Happy Splunking !!!
