Installation

Search fails in search head clustering.

yutaka1005
Builder

In my environment, there are search head clustering consisting of three search heads and one deployer, and indexer clustering consisting of one cluster master and three indexers.

All of these are unified to ver6.5.5.

Up to now it was working normally,
Starting around 11/5, sometimes the following error occurred and search failed.


Streamed search execute failed because:
Error in 'litsearch' command: Your Splunk license expired or
You have exceeded your license limit too many times. Renew
your Splunk license by visiting www.splunk.com/store or calling

866. GET.SPLUNK

However, when I checked with the license master, the license has not expired, each indexer being license slave, and the number of excess license was also 0.

Is this a known problem?
And is there a workaround?

Labels (2)
0 Karma
1 Solution

yutaka1005
Builder

This Problem was solved.

Of the three search heads, only one was not license slave.
So I make it to the license slave again and this problem didn't happen again.

View solution in original post

0 Karma

yutaka1005
Builder

This Problem was solved.

Of the three search heads, only one was not license slave.
So I make it to the license slave again and this problem didn't happen again.

0 Karma

koshyk
Super Champion

seems like your Search Heads are not having roles as license_slaves (The indexers might be connected to the license master, but ensure Search Heads are also connected to the license master). Ensure all your tiers (except Universal Forwarders) are connected to the license master

yutaka1005
Builder

Hi koshyk.

Thank you for comment.
What you are saying was right.

Of the three search heads, only one was not license slave.
So I will review the license slave settings and watch more whether this event happens again.

0 Karma
Get Updates on the Splunk Community!

.conf24 | Day 0

Hello Splunk Community! My name is Chris, and I'm based in Canberra, Australia's capital, and I travelled for ...

Enhance Security Visibility with Splunk Enterprise Security 7.1 through Threat ...

(view in My Videos)Struggling with alert fatigue, lack of context, and prioritization around security ...

Troubleshooting the OpenTelemetry Collector

  In this tech talk, you’ll learn how to troubleshoot the OpenTelemetry collector - from checking the ...