#### 原理:
1. 停止Splunk
2. 删除 splunk/var/lib/splunk/fishbuckt/下,40开头的一个纯数字文件
3. 删除splunk/var/lib/splunk/fishbuckt/rawdata/目录里所有文件
4. 删除/splunk/var/log/splunk/下license开头的所有文件
5. 启动splunk
#### script:
```
#!/bin/bash
# Author: tacoff
# Comment: clean license limit
SPLUNK_HOME="/opt/splunk"
SPLUNK_BIN="$SPLUNK_HOME/bin/splunk"
SPLUNK_LOGDIR="$SPLUNK_HOME/var/log/splunk"
USER="admin"
PASSWORD="password"
FLAG_CLEAN=""
function log_msg() {
current_time=$(date +"%F %T")
MSG="$current_time $1"
echo $MSG
}
function exec_reset() {
log_msg "execute the license clean"
SPLUNK_DATADIR=$($SPLUNK_BIN show datastore-dir | grep -Eo "/\w+.*")
log_msg "SPLUNK_DATADIR: $SPLUNK_DATADIR"
$SPLUNK_BIN stop
rm -rf $SPLUNK_DATADIR/fishbucket/40*
# ls -l $SPLUNK_DATADIR/fishbucket/40*
rm -rf $SPLUNK_DATADIR/fishbucket/rawdata/*
# ls -ld $SPLUNK_DATADIR/fishbucket/rawdata/
rm -rf $SPLUNK_LOGDIR/license*
# ls -l $SPLUNK_LOGDIR/license*
$SPLUNK_BIN start
}
function check_health() {
FLAG_CLEAN=$($SPLUNK_BIN search "index=main earliest=-3m | stats count" -auth $USER:$PASSWORD 2>&1 | grep -o "license limit too many times")
}
function main() {
log_msg "ready to check the license"
check_health
license_status=$FLAG_CLEAN
log_msg "license status: $license_status"
if [[ $license_status != "" ]]
then
exec_reset
fi
}
main
```
清除splunk license违规信息
Copyright: 采用 知识共享署名4.0 国际许可协议进行许可
-d2979772834f4346a961b123d2a49447.jpg)
