[davidu]

This is entirely par for the course, and quite reasonable if you understand how it happens in practice and why it exists.

There are Splunk customers who do not allow outbound connections to the Internet and so Splunk can't use automated means of auditing license compliance. So they reserve the right to audit you on site. So if you're the CIA and you are paying for 1 petabyte and you are using 2, they want to know and charge you appropriately.

As a matter of good corporate governance, they are actually doing you a favor and preventing you from being a thief. :-)

[nn2]

Are you serious? I would never give some random supplier unlimited access to my server and internal network. Such a requirement is an absolute show-stopper.

[davidu]

Fortunately, you are not like other people.

Fortunately, customers of Splunk don't view them as a random supplier.

[josephcooney]

I thought the server tracked the number of infractions, and fell back to a reduced feature set when you went over the limit a certain # of times.