Splunk Enterprise
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

After upgrading from version 7.0.1 to 8.0.2, the errors below appear.

jfeitosa_real
Path Finder
‎03-06-2020 11:05 AM

After upgrading from version 7.0.1 to 8.0.2, the errors below appear.
Splunk is not indexing some internal logs like license_usage.log, and license consumption has increased a lot, but I think it is the splunk's own log.

BatchReader-0
Root Cause(s):
The monitor input cannot produce data because splunkd's processing queues are full. This will be caused by inadequate indexing or forwarding rate, or a sudden burst of incoming data.
Last 50 related messages:
03-05-2020 09:32:47.238 -0300 WARN TailReader - Could not send data to output queue (parsingQueue), retrying...
03-05-2020 09:32:45.582 -0300 WARN TailReader - Could not send data to output queue (parsingQueue), retrying...
03-05-2020 09:32:37.979 -0300 INFO TailReader - State transitioning from 1 to 0 (initOrResume).
03-05-2020 09:32:37.979 -0300 INFO TailReader - State transitioning from 1 to 0 (initOrResume).
03-05-2020 09:32:37.971 -0300 INFO TailReader - tailreader0 waiting to be un-paused
03-05-2020 09:32:37.971 -0300 INFO TailReader - Starting tailreader0 thread
03-05-2020 09:32:37.968 -0300 INFO TailReader - Registering metrics callback for: tailreader0
03-05-2020 09:32:37.969 -0300 INFO TailReader - batchreader0 waiting to be un-paused
03-05-2020 09:32:37.969 -0300 INFO TailReader - Starting batchreader0 thread
03-05-2020 09:32:37.969 -0300 INFO TailReader - Registering metrics callback for: batchreader0

TailReader-0
Root Cause(s):
The monitor input cannot produce data because splunkd's processing queues are full. This will be caused by inadequate indexing or forwarding rate, or a sudden burst of incoming data.
Last 50 related messages:
03-05-2020 09:32:47.238 -0300 WARN TailReader - Could not send data to output queue (parsingQueue), retrying...
03-05-2020 09:32:45.582 -0300 WARN TailReader - Could not send data to output queue (parsingQueue), retrying...
03-05-2020 09:32:37.979 -0300 INFO TailReader - State transitioning from 1 to 0 (initOrResume).
03-05-2020 09:32:37.979 -0300 INFO TailReader - State transitioning from 1 to 0 (initOrResume).
03-05-2020 09:32:37.971 -0300 INFO TailReader - tailreader0 waiting to be un-paused
03-05-2020 09:32:37.971 -0300 INFO TailReader - Starting tailreader0 thread
03-05-2020 09:32:37.968 -0300 INFO TailReader - Registering metrics callback for: tailreader0
03-05-2020 09:32:37.969 -0300 INFO TailReader - batchreader0 waiting to be un-paused
03-05-2020 09:32:37.969 -0300 INFO TailReader - Starting batchreader0 thread
03-05-2020 09:32:37.969 -0300 INFO TailReader - Registering metrics callback for: batchreader0

Labels (1)
Labels
Reply
1 Solution
Solved! Jump to solution
Solution

codebuilder
Influencer
‎03-07-2020 06:53 PM

The hashing algorithm on the pass4SymmKey has changed quite a bit between the two versions you mentioned.

Enter a new key/password on your nodes in plain text, and cycle Splunk. I t should resolve the issue for you.

----
An upvote would be appreciated and Accept Solution if it helps!

View solution in original post

0 Karma
Reply
Solved! Jump to solution

jfeitosa_real
Path Finder
‎03-09-2020 06:58 AM

The indexer displays this message:
INFO LicenseUsage - type = Message - License usage logging not available for slave licensing instances, please see license_usage.log on license master = https: //xxx.xxx.xxx.xxx: 8089 for usage breakdown

0 Karma
Reply
Solved! Jump to solution
Solution

codebuilder
Influencer
‎03-07-2020 06:53 PM

The hashing algorithm on the pass4SymmKey has changed quite a bit between the two versions you mentioned.

Enter a new key/password on your nodes in plain text, and cycle Splunk. I t should resolve the issue for you.

----
An upvote would be appreciated and Accept Solution if it helps!
0 Karma
Reply
Solved! Jump to solution

jfeitosa_real
Path Finder
‎03-06-2020 11:35 AM

splunk is unable to index the internal license_usage.log logs.
Does anyone have any ideas?

Thanks in advanced!

James

0 Karma
Reply
Get Updates on the Splunk Community!

Accelerating Observability as Code with the Splunk AI Assistant

We’ve seen in previous posts what Observability as Code (OaC) is and how it’s now essential for managing ...

Integrating Splunk Search API and Quarto to Create Reproducible Investigation ...

 Splunk is More Than Just the Web Console For Digital Forensics and Incident Response (DFIR) practitioners, ...

Congratulations to the 2025-2026 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...