Installation

Slaves in violation with trial-license, how to fix?

Explorer

I am running 1 Splunk-installation with the trial-license. I cannot run searches due to license-violations, but I cannot see why. I get licensing-alerts saying that "This pool contains xx slave/s in violation, but I do not understand what these slaves are, I am running only this trial-installation, no forwarders. Any tips?

Labels (1)
Tags (2)
1 Solution

Explorer

I had the same problem after upgrading from the trial to the free license - I fixed mine by executing "splunk clean all" to wipe the slate clean, it happily reindexed everything and life goes on. In my case,
Splunk > Manager > Licensing had been whining for three months about the trial expiration, which was even causing the free license once installed to have more than the 3 warnings permitted per month. That's probably a bug in 4.2. "splunk clean all" fixed it. I have 300Mb total in logs so a full reindex there and then wasn't going anywhere close to the daily limit.

View solution in original post

New Member

Forgive me for being ignorant but how do I "splunk clean all"???

0 Karma

Explorer

"splunk" is an executable in the bin directory of your Splunk installation home. Open up a terminal, change to this directory, and "splunk clean all"

This will erase all your indexes & start with a clean slate.

0 Karma

Explorer

I had the same problem after upgrading from the trial to the free license - I fixed mine by executing "splunk clean all" to wipe the slate clean, it happily reindexed everything and life goes on. In my case,
Splunk > Manager > Licensing had been whining for three months about the trial expiration, which was even causing the free license once installed to have more than the 3 warnings permitted per month. That's probably a bug in 4.2. "splunk clean all" fixed it. I have 300Mb total in logs so a full reindex there and then wasn't going anywhere close to the daily limit.

View solution in original post

SplunkTrust
SplunkTrust

Note - if you don't want to wipe all your user accounts as well, splunk clean eventdata will clean just the eventdata, and it will indeed wipe the license quota violations.

(splunk clean all on the other hand will be more aggressive and wipe all your users too)

Explorer

"splunk clean eventdata all" worked for me after going from trial to free license.

Splunk Employee
Splunk Employee

That's a good solution using "splunk clean eventdata all"

By the way, this behavior is expected when a user with Trial license had more than three license violation (which is okay for Enterprise Trial License in rolling 30 days window) and then moved to Free license (which is not okay with more than three license violation in the same window.)

If this did not happen in 4.1.x, that must have been a bug. But, I had the same issue with 4.1.7, though.

I like your solution.

0 Karma

Splunk Employee
Splunk Employee

can you give more details about what you set up in the licenser? if you have only one instance of Splunk, it should be configured as a standalone license master by default and there shouldn't be any slaves configured. did you change some stuff in the license manager?

0 Karma