Splunk Enterprise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

licence enforcement for multiple indexers - warning meaning

wyfwa4
Communicator
‎12-14-2021 07:09 AM

We have just upgraded to v8.1 and because we have a small license, we are subject to the license enforcement. The document states that enforcement will occur if you receive 45 warnings over a rolling 60-day window.

What is unclear is what counts as a "warning". For example I have 9 indexers all sharing a single license pool, and when we went over the daily limit, we appears to receive 9 warnings - one per indexers. Is this expected? - for example

This pool has exceeded its configured poolsize=xxx bytes. A CLE warning has been recorded for all members

So does the 45 warning limit apply to these pool warnings?, hard warnings or license master warnings? I.e. going over the daily limit = 1 warning?

Labels (1)
Labels
0 Karma
Reply

scelikok
SplunkTrust
SplunkTrust
‎12-14-2021 07:29 AM

Hi @wyfwa4,

Since your 9 indexers are sharing the same license pool, License Master will count as 1 warning per day. When you exceed the license capacity all indexers in the same pool raise that warning.

If this reply helps you an upvote and "Accept as Solution" is appreciated.
0 Karma
Reply
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...