Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Splunk Indexing is Paused Internal Grace Period?

velayudhan
New Member
‎02-11-2023 07:40 PM

Hi All 

  We are Using the Splunk Enterprise version with the Perpetual License Model with Index Capacity of 5 GB .

  We are all of sudden facing issue in the Indexing of the data when the Limit is not yet breached in the Last 30 days  .

velayudhan_1-1676173118892.png

 

 

 Can you please Guide on this case .

velayudhan_2-1676173179370.png

 

 

Labels (1)
Labels
0 Karma
Reply

velayudhan
New Member
‎02-14-2023 08:40 PM

Hi 
  Thanks for the update 

 

  Myself not able to create an Ticket on the Splunk System can you guide on the same ?

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎02-14-2023 11:29 PM

Hi @velayudhan,

at first, are you a Customer or a Splunk partner?

because you have to use a different portal:

then, if you're a customer, you must be enabled to open cases: usually when a contract is activated the customer communicate three emails of reference people to open cases, I don't know if you are enabled, otherwise, someone else in your organization must open the case.

If you're a partner, usually partners aren't enabled to open cases for the customers, because when you open a case you have to indicate the Entitlement, except if the customer enables you to open cases.

Ciao.

Giuseppe

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎02-11-2023 10:39 PM

Hi @velayudhan,

some stupid questions to understand:

when does your violation start: in the last day or before the last 30 days?

if before, you need a reset key, it isn't sufficient to wait for 30 days without violations.

Is you License master on the same server of indexers? if not, did you used IP or dns name to address the license Master from the Indexers?

If dns server, use IP because maybe there a dns resolution problem.

Anyway, you have to ask a reset key to Splunk Support.

Ciao.

Giuseppe

0 Karma
Reply

velayudhan
New Member
‎02-12-2023 08:26 PM

HI guliceo

  Thanks for the update 

  Some additional Clarity About Splunk Environment
  

  Splunk System is under License Limit of 5 GB per day and there is no means of Violation in the System

  License master is on the Splunk Search Head only

  Can you suggest a good way to reach the Splunk Team ?

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎02-12-2023 11:06 PM

Hi @velayudhan,

at first, you're using a distributed architecture, so did you configured all your Splunk servers as Forwarders and are they sending logs to indexers?

In a distributed architecture like your, it's a best practice that all the Splunk servers send theyr logs to Indexers and all server 8except Indexers) are configured as Forwarders.

Then Indexers are connected to the License Master, are you using IP address or dns name to address the License Master on Indexers? if dns, use IP.

Try this, if you not solve, you can open a case to Splunk Support on partners.splunk.com (if you're a Splunk Partners) or on www.splunk.com/en_us/about-splunk/contact-us.html#customer-support (if you're a customer).

Ciao.

Giuseppe

0 Karma
Reply
Get Updates on the Splunk Community!

Enhance Security Visibility with Splunk Enterprise Security 7.1 through Threat ...

(view in My Videos)Struggling with alert fatigue, lack of context, and prioritization around security ...

Troubleshooting the OpenTelemetry Collector

  In this tech talk, you’ll learn how to troubleshoot the OpenTelemetry collector - from checking the ...

Adoption of Infrastructure Monitoring at Splunk

  Splunk's Growth Engineering team showcases one of their first Splunk product adoption-Splunk Infrastructure ...