Re: License exception thrown when trying to explor...

srhalstead · ‎08-22-2017

Hi all,

We've recently started seeing the following exception when trying to explore data in our virtual indexes.

"[acme] Error while running external process, return_code=255. See search.log for more info [acme] Exception - java.lang.RuntimeException: Permission denied. License does not allow execution of searches on virtual index=syslog. Only archive indexes allowed in ERP family=hadoop"

Can anybody shed any light on what may be causing this exception? The wording suggests that there's a problem with the license but looking at the Licensing page, I can see there is a "Splunk Analytics for Hadoop License" installed which doesn't expire for a few months.

The exception is raised when we attempt to Explore Data as follows:
1. Login to Splunk as a user with the admin role
2. Click on the 'Explore Data' icon on the Splunk Enterprise landing page
3. Select the Provider and Virtual Index from the drop-down lists
4. Splunk shows 'Loading...' briefly then shows the exception shown above.

We are able to search this virtual index through the "Search & Reporting" app without any problems.

We're running Splunk version 6.5.2.

Thanks in advance for any insight.

johnhsu · ‎09-01-2017

I have same issue with Version 6.6.2 and 6.6.3

License exception thrown when trying to explore data?

license

Enterprise Security Content Update (ESCU) | New Releases

Announcing the 1st Round Champion’s Tribute Winners of the Great Resilience Quest

We’ve Got Education Validation!