Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Daily License Report not Showing

phanichintha
Path Finder
‎03-05-2021 07:21 AM

My Environment: 1 SH, 1DS (CM, LM), 2 INDX`s and 15GB/day License.
The day before yesterday logs ingested to Splunk from two days to the License is going very high >daily limit. Yesterday I recognised and disabled the source of logs. So the license was going normal now. When I saw today, the license report is not showing today's usage report. Attaching the snapshots to understand.

please advise how to get back to the normal stage.

DS server LM snanp.JPGHelth status.JPGLast updated license usage.JPGLicense usage.JPGmessages.JPG

0 Karma
Reply

phanichintha
Path Finder
‎03-11-2021 11:19 PM

I solved the issue; the issue is in the 9996 port from the CM side.
This issue will come when the high usage in License consumes in a day the connection will lose in any way. So here found that 9996 port after enabling in the CM end.
Note: All servers are bi-directionally open with 8089 and 9996/9997 ports and also check the Telnet, Ping. 

0 Karma
Reply

jbender72
Path Finder
‎03-05-2021 09:02 AM

To get a better picture of your data, I would suggest using a license usage app.  This way you can determine what data is important for what you need.  I eventually took the license usage app and made it into a custom app with alerts for when usage is getting "out of control".  

0 Karma
Reply

scelikok
SplunkTrust
SplunkTrust
‎03-05-2021 08:08 AM

Hi @phanichintha,

I can see it is showing todays license usage as 63 GB. If you mean "Usage Report" page, it shows previous 30 days.

I didn't see any problem about license usage but you have problem on indexers, they do not accept data. You should check indexers status, it seems they do not response to rest requests too.

If this reply helps you an upvote and "Accept as Solution" is appreciated.
0 Karma
Reply

phanichintha
Path Finder
‎03-07-2021 03:16 AM

Hello @scelikok there is no issue with indexers, I see no errors/warnings in indexers its working fine. I don't think about why this happens.

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...

Splunk Community Badges!

  Hey everyone! Ready to earn some serious bragging rights in the community? Along with our existing badges ...

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

This puzzle (first published here) is based on matching timestamps to cron expressions.All the timestamps ...