Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Is there a setting to have the license usage search look at _internal data of another server?

bworrellZP
Communicator
‎10-26-2015 05:30 AM

Noticed today, since the 6.2.4 update, I get daily license usage just fine. When I go to history, it's blank.

Did the search on the graph and noticed that it's pulling the _internal from the indexer server, not the search head (which is my master license server.) If I put splunk_server=Searchheadservername in the search string, I get data fine.

Is there a setting somewhere that would tell it to look at the _internal of another server (like a user setting for search defaults) or a way to modify the license page to account for this?

Anyone else had this before?

Thanks

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

bworrellZP
Communicator
‎10-27-2015 08:12 AM

Issue has resolved itself, sort of, over night. Yesterday's data shows, but that is it. The Output.conf file appears to have been ignored, a reboot of Splunk on all three servers resolved it. So data was on the search head _internal index, not on the Indexers as it should have been. Will watch closer for errors.

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

bworrellZP
Communicator
‎10-27-2015 08:12 AM

Issue has resolved itself, sort of, over night. Yesterday's data shows, but that is it. The Output.conf file appears to have been ignored, a reboot of Splunk on all three servers resolved it. So data was on the search head _internal index, not on the Indexers as it should have been. Will watch closer for errors.

0 Karma
Reply
Solved! Jump to solution

bworrellZP
Communicator
‎10-26-2015 05:43 AM

Small update, I do have the search head / license master set to forward all logs to the indexers.

0 Karma
Reply
Get Updates on the Splunk Community!

September Community Champions: A Shoutout to Our Contributors!

As we close the books on another fantastic month, we want to take a moment to celebrate the people who are the ...

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

It’s Monday morning, and your phone is buzzing with alert escalations – your customer-facing portal is running ...

What’s New in Splunk Observability – September 2025

What's NewWe are excited to announce the latest enhancements to Splunk Observability, designed to help ITOps ...