Re: Daily License Report not Showing

phanichintha · ‎03-05-2021

My Environment: 1 SH, 1DS (CM, LM), 2 INDX`s and 15GB/day License.
The day before yesterday logs ingested to Splunk from two days to the License is going very high >daily limit. Yesterday I recognised and disabled the source of logs. So the license was going normal now. When I saw today, the license report is not showing today's usage report. Attaching the snapshots to understand.

please advise how to get back to the normal stage.

phanichintha · ‎03-11-2021

I solved the issue; the issue is in the 9996 port from the CM side.
This issue will come when the high usage in License consumes in a day the connection will lose in any way. So here found that 9996 port after enabling in the CM end.
Note: All servers are bi-directionally open with 8089 and 9996/9997 ports and also check the Telnet, Ping.

jbender72 · ‎03-05-2021

To get a better picture of your data, I would suggest using a license usage app. This way you can determine what data is important for what you need. I eventually took the license usage app and made it into a custom app with alerts for when usage is getting "out of control".

scelikok · ‎03-05-2021

Hi @phanichintha,

I can see it is showing todays license usage as 63 GB. If you mean "Usage Report" page, it shows previous 30 days.

I didn't see any problem about license usage but you have problem on indexers, they do not accept data. You should check indexers status, it seems they do not response to rest requests too.

If this reply helps you an upvote and "Accept as Solution" is appreciated.

phanichintha · ‎03-07-2021

Hello @scelikok there is no issue with indexers, I see no errors/warnings in indexers its working fine. I don't think about why this happens.

Daily License Report not Showing

other

Introducing the 2024 SplunkTrust!

Introducing the 2024 Splunk MVPs!

Splunk Custom Visualizations App End of Life