Hi all,
We've recently started seeing the following exception when trying to explore data in our virtual indexes.
"[acme] Error while running external process, return_code=255. See search.log for more info [acme] Exception - java.lang.RuntimeException: Permission denied. License does not allow execution of searches on virtual index=syslog. Only archive indexes allowed in ERP family=hadoop"
Can anybody shed any light on what may be causing this exception? The wording suggests that there's a problem with the license but looking at the Licensing page, I can see there is a "Splunk Analytics for Hadoop License" installed which doesn't expire for a few months.
The exception is raised when we attempt to Explore Data as follows:
1. Login to Splunk as a user with the admin role
2. Click on the 'Explore Data' icon on the Splunk Enterprise landing page
3. Select the Provider and Virtual Index from the drop-down lists
4. Splunk shows 'Loading...' briefly then shows the exception shown above.
We are able to search this virtual index through the "Search & Reporting" app without any problems.
We're running Splunk version 6.5.2.
Thanks in advance for any insight.
