That seems like bad design to me, specifically the wording that it's a current violation that must be corrected by midnight, rather than a prior violation that has already caused a strike and can be ignored at this point.
Also, the docs are very clear that when a message like this shows up, you will get a strike; it said basically nothing about displaying errors from a single system like this. There are no slaves, so a message about slaves is nonsensical.
Ah well, though. I'll poke at the Splunk folks on the wording here once we've bought Splunk Enterprise.
I just set up Splunk yesterday, running the free edition for now. I'm indexing about 100-150MB a day tops. Yesterday I loaded up a bunch of historical data and got a violation as expected; however, today I'm now seeing "This pool contains slave(s) with 1 warnings" as a current alert telling me to correct before midnight with absolutely ZERO indication as to what the real issue is, along with the expected permanent violation.
What gives here? I have no slaves, just forwarders, and currently the licensing manager is showing our volume used today as 114 MB out of the 500MB quota. Am I going to get another violation for uh, not violating the license? If that's not the case, this should really be reworded to not raise alarm.