Installation
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

License server work principles

guahos
Explorer
‎03-27-2016 12:45 PM

Hello!
I am planning the following setup:
3 single-site indexing clusters in 3 separate locations and Deployment/License server and the Search Head at one of 3 sites.
And I have a couple of questions regarding License server work principles:
- How does it actually count the amount of stored logs? Does indexing peers send the information about how much data they have stored to the License server? Or does Cluster master send that info? Or forwarders send the info about how much data have they forwarded to indexers?
- What will happen if the License server goes down? Will data still be storing into indexers while License server is down? Would searching be available while License server is down?

Labels (3)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

gfuente
Motivator
‎03-28-2016 01:12 AM

Hello

The indexers are the nodes that report how much they are indexing. If an indexer can`t connect to the License Server in 24 hours, it will generate a warning (the same as if you index more than your total license volume)

The indexers will never stop indexing data due to license issues.

Regards

View solution in original post

0 Karma
Reply
Solved! Jump to solution

nkourtidis_splu
Splunk Employee
Splunk Employee
‎06-05-2018 04:56 AM

The right answer is 72 hours and can be found here:

http://docs.splunk.com/Documentation/Splunk/7.1.1/Admin/Aboutlicenseviolations#About_the_connection_...

the license slaves communicate their usage to the license master every minute. If the license master is down or unreachable for any reason, the license slave starts a 72 hour timer. If the license slave cannot reach the license master for 72 hours, search is blocked on the license slave (although indexing continues)

Reply
Solved! Jump to solution
Solution

gfuente
Motivator
‎03-28-2016 01:12 AM

Hello

The indexers are the nodes that report how much they are indexing. If an indexer can`t connect to the License Server in 24 hours, it will generate a warning (the same as if you index more than your total license volume)

The indexers will never stop indexing data due to license issues.

Regards

0 Karma
Reply
Get Updates on the Splunk Community!

Earn a $35 Gift Card for Answering our Splunk Admins & App Developer Survey

Survey for Splunk Admins and App Developers is open now! | Earn a $35 gift card!      Hello there,  Splunk ...

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

You’ve probably heard the latest about AppDynamics joining the Splunk Observability portfolio, deepening our ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

As we’ve seen, integrating Kubernetes environments with Splunk Observability Cloud is a quick and easy way to ...