All Apps and Add-ons
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Monitoring of Java Virtual Machines - JMXModularInput

nicolas_rofort
Explorer
‎09-25-2014 07:36 AM

Hello,

The script jmx.py can't connect to server splunk socket. My splunk server is binding another IP address (configure in etc/splunk-launch.conf) than server hostname. Where can I configure this setting ?

Error in splunkd.log:
09-25-2014 16:18:41.626 +0200 ERROR ExecProcessor - message from "python /@mysplunkhome@/splunk/etc/apps/jmx_ta/bin/jmx.py" Probing socket connection to SplunkD failed.Either SplunkD has exited ,or if not, check that your DNS configuration is resolving your system's hostname (@myhostname@) correctly : Connection refused

Regards

0 Karma
Reply

Damien_Dallimor
Ultra Champion
‎09-26-2014 02:21 AM

The JMX Mod Input does phone homes to SplunkD to check that SplunkD is still running.
It does this by way of a simple socket connection attempt to the SplunkD management TCP port
You'll get the above error message written if SplunkD is genuinely not running or if your SplunkD host's naming is not resolving (perhaps due to your local DNS settings)

0 Karma
Reply

aarontimko
Path Finder
‎08-16-2016 01:39 PM

Hi Damien,

We hardened our Splunk Universal Forwarder install by having it listen on 127.0.0.1:8089 instead of splunkhostname:8089 and this does break the plugin (monitoring-of-java-virtual-machines-with-jmx_24).

I found this:
https://github.com/damiendallimore/SplunkModularInputsJavaFramework/blob/master/src/com/splunk/modin...
Is it possible to add logic to also check for "SPLUNK_BINDIP=x.x.x.x" in /etc/splunk-launch.conf?

Thanks!
Aaron

0 Karma
Reply

Damien_Dallimor
Ultra Champion
‎08-25-2016 10:50 PM

The Mod Input gets the splunkhostname from SplunkD when the Mod Input is instantiated.

So perhaps there is something that you can do with your local DNS to resolve splunkhostname -> 127.0.0.1

0 Karma
Reply

nicolas_rofort
Explorer
‎08-25-2016 11:40 PM

Since fiew months, I have an ugly workaround, redirect all request on 8089 port to x.x.x.x:8089 :
iptables -t nat -A OUTPUT -p tcp -o lo --dport 8089 -j DNAT --to x.x.x.x:8089

0 Karma
Reply

nicolas_rofort
Explorer
‎09-26-2014 05:54 AM

Ok, but SplunkD is not listening on the host IP address because I use "SPLUNK_BINDIP" directive in splunk-launch.conf to bind to another IP address.

0 Karma
Reply
Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Dynamic formatting from XML events

This challenge was first posted on Slack #puzzles channelFor a previous puzzle, I needed a set of fixed-length ...

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

  🚀 Your data just got a serious AI upgrade — are you ready? Say hello to the Agentic Era with the ...

Stronger Security with Federated Search for S3, GCP SQL & Australian Threat ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...