Archive
Highlighted

Splunk Cloud Built-in License Alert broken

Path Finder

I am working on a Splunk Cloud deployment and have attempted to enable the built-in (splunkinstancemonitoring) alerts for license violations.

I have stripped away the bulk of the alert search to locate the broken component and it at the very front

| rest splunkservergroup=simgrouplicense_master /services/licenser/pools

It appears that there is no such group as simgrouplicense_master or at the least, it returns no data.

I have also attempted the License Monitor app off splunkbase and this uses the same rest endpoint.

How do I get this alert to work.
And no, I am aware of searching the _internal for license events, the problem is Splunk have provided broken functionality.

Any help appreciated.

0 Karma
Highlighted

Re: Splunk Cloud Built-in License Alert broken

Esteemed Legend

Open a support case; this is clearly a bug.

0 Karma
Highlighted

Re: Splunk Cloud Built-in License Alert broken

Splunk Employee
Splunk Employee

The /services/licenser/pools API endpoint is there in order to access the licenser pools configuration and in Splunk Cloud we do not support license pools as described here: https://docs.splunk.com/Documentation/SplunkCloud/6.6.0/Service/SplunkCloudservice (" License pooling: You cannot use license pooling in Splunk Cloud").
To alert on license usage in Splunk Cloud use index=internal source=*licenseusage.log* type="RolloverSummary" etc...

0 Karma
Highlighted

Re: Splunk Cloud Built-in License Alert broken

Splunk Employee
Splunk Employee

These alerts are now removed in version 7.0.1 which will be released in the future

0 Karma