
Why has the search function stopped working in Splunk trial version?

Path Finder

Is it really a good idea to have the violation limit in a trial version and cripple your own software? A few days ago my boss was trying to show Splunk Enterprise to his boss, but surprise, the search function had stopped working.

It's a trial version, isn't it? To make things worse, we had no idea that a hard limit existed in the first place; at first we just thought that the search was somehow broken, and the error message didn't help much either:

Peer SPLUNK's search ended prematurely. Attempting to reconnect and resume.

No reference to the search function being disabled because of license "violations".

0 Karma

Re: Why has the search function stopped working in Splunk trial version?

Legend

This doesn't really seem like a question, and further, there is nothing that the Splunk community can do to help.
If you are unhappy with the free trial, perhaps you could mention that to a sales person.

0 Karma

Re: Why has the search function stopped working in Splunk trial version?

Explorer

I downvoted this post because this is a valid question to a valid problem. Comments are not answers.

0 Karma

Re: Why has the search function stopped working in Splunk trial version?

Splunk Employee

You can switch to the free license when the trial license expires. You might also want to read Types of Splunk licenses if you haven't already.

Totally agree about the error message. It should say something about the license violation. Did you have any notification about that in the Messages menu?


Re: Why has the search function stopped working in Splunk trial version?

Path Finder

Well, I guess it was observation / feedback, more than a specific question. However, some questions come to mind:

  1. Why has Splunk implemented such a draconian license enforcement system on an evaluation version?
  2. Since this is enforced in the eval. version, why is this limitation not made more obvious in the initial documentation (possibly even stating it in the emails from the sales rep)?
  3. Why isn't this mentioned on every admin login, even after just one warning? I don't remember reading about the search function eventually being disabled with any of the warnings, or in the messages menu, or upon logging in; I think I would have noticed at least in some cases, but maybe I missed all of them.
  4. Why, after the search block occurs, is the only obvious error message that you get upon searches returning zero items "Peer SPLUNK's search ended prematurely. Attempting to reconnect and resume"? Would a banner such as "The search function has been disabled due to excessive number of traffic warnings, see this URL in the documentation for info" be too on the nose?

Thanks,
Luca

0 Karma