- Splunk Answers
- :
- Splunk Administration
- :
- Installation
- :
- "This pool contains slave(s) with 1 warnings" on f...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
"This pool contains slave(s) with 1 warnings" on free Splunk
I just set up Splunk yesterday, running the free edition for now. I'm indexing about 100-150MB a day tops. Yesterday I loaded up a bunch of historical data and got a violation as expected, however today I'm now seeing "This pool contains slave(s) with 1 warnings" as a current alert telling me to correct before midnight with absolutely ZERO indication as to what the real issue is, along with the expected permanent violation.
What gives here? I have no slaves, just forwarders, and currently the licensing manager is showing our volume used today as 114 MB out of the 500MB quota. Am I going to get another violation for uh, not violating the license? If that's not the case, this should really be reworded to not raise alarm.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Splunk will "remember" a license violation for 30 days. A warning message for this violation will show for 14 days. See more here: http://docs.splunk.com/Documentation/Splunk/latest/Admin/Aboutlicenseviolations
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
This is not my strongest subject, but if I recall correctly all installation have a license master and a license slave, even single-box setups. The master holds a license pool, and slaves can draw from it.
Re how this has been designed - yes, I think any such suggestions would be better directed at Splunk staff directly instead of here (I'm no Splunk employee myself).
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
That seems like bad design to me, specifically the wording that it's a current violation that must be corrected by midnight, rather than a prior violation that has already caused a strike and can be ignored at this point.
Also, the docs are very clear that when a message like this shows up, you will get a strike; it said basically nothing about displaying errors from a single system like this. There are no slaves, so a message about slaves is nonsensical.
Ah well, though. I'll poke at the Splunk folks on the wording here once we've bought Splunk Enterprise.
Adoption of RUM and APM at Splunk
Routing logs with Splunk OTel Collector for Kubernetes
Welcome to the Splunk Community!
