
7.1 Streamfwd fails to configure service on ubuntu

Splunk Employee

I installed standalone streamfwd on Ubuntu with the "curl -..." script provided; the installation ends with the following message:

...
Do you want to start Splunk Stream Forwarder 7.1.0 service (streamfwd) (yes/no)? [yes]yes
Starting streamfwd service..
Job for streamfwd.service failed because the control process exited with error code. See "systemctl status streamfwd.service" and "journalctl -xe" for details.
Splunk Stream Forwarder 7.1.0 installation complete.

  • streamfwd process is running, but the script /etc/init.d/streamfwd is not properly working and not controlling the daemon:

root@ugurke2:/opt# systemctl status streamfwd.service
streamfwd.service - LSB: Starts the Splunk Stream Forwarder 7.1.0 daemon
Loaded: loaded (/etc/init.d/streamfwd; bad; vendor preset: enabled)
Active: failed (Result: exit-code) since Thu 2017-05-04 09:32:16 CEST; 7s ago
Docs: man:systemd-sysv-generator(8)
Process: 3210 ExecStart=/etc/init.d/streamfwd start (code=exited, status=1/FAILURE)
CGroup: /system.slice/streamfwd.service
└─3027 /opt/streamfwd/bin/streamfwd

0 Karma

Re: 7.1 Streamfwd fails to configure service on ubuntu

Explorer

I believe you were deploying it on the latest Ubuntu v16 or v17.
I had the same problem yesterday. Later I found the independent streamfwd service couldn't be restarted. Then I replaced the OS with Ubuntu 14.04, and all was good.

Ubuntu adopted systemd from v15. That's the reason.

I was deploying the independent streamfwd on Ubuntu 16 and had the same issue as above.
Finally, I got it sorted by replacing the OS with Ubuntu 14.

Ubuntu started to adopt systemd from v15. So, the streamfwd service cannot be started in this environment. When I changed it to Ubuntu 14, all was good.

0 Karma

Re: 7.1 Streamfwd fails to configure service on ubuntu

Splunk Employee

Big shout-out to Ryan Faircloth for the working unit file that got Stream working on Ubuntu 16.04 for me in AWS:

https://www.rfaircloth.com/2017/02/11/unbelievably-simple-ipfixnetjsflow-collection/

Kill stream if it's running:
killall -9 streamfwd
Remove the init script:
update-rc.d -f streamfwd remove
rm /etc/init.d/streamfwd
Create a new service unit file for systemd, /etc/systemd/system/streamfwd.service:

[Unit]
Description= Splunk Stream Dedicated Service
After=syslog.target network.target
[Service]
Type=simple
ExecStart=/opt/streamfwd/bin/streamfwd -D
# [Install] gives "systemctl enable" a target to link the unit into
[Install]
WantedBy=multi-user.target

Enable the new service:
systemctl enable streamfwd

Re: 7.1 Streamfwd fails to configure service on ubuntu

Explorer

root@matt-Latitude-E6420:/etc/systemd/system# cat streamfwd.service
[Unit]
Description= Splunk Stream Dedicated Service
After=syslog.target network.target
[Service]
Type=simple
ExecStart=/opt/streamfwd/bin/streamfwd -D

[Install]
WantedBy=multi-user.target
Alias=splunkstream.service
root@matt-Latitude-E6420:/etc/systemd/system# cat splunkstream.service
[Unit]
Description= Splunk Stream Dedicated Service
After=syslog.target network.target
[Service]
Type=simple
ExecStart=/opt/streamfwd/bin/streamfwd -D

[Install]
WantedBy=multi-user.target
Alias=splunkstream.service

Then you can enable the new service:

systemctl enable streamfwd

Tested on Ubuntu 18 and it works.

0 Karma
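The steps from the two posts above collected into one script, as an added example that is not part of any post or of Splunk's installer: it also runs `systemctl daemon-reload` and checks that the unit has the `[Install]` section that `systemctl enable` needs. The function names and the root-directory argument of `write_unit` are assumptions of this example; the paths and unit contents are the ones quoted in the thread (the optional `Alias=` line is left out).

```bash
#!/usr/bin/env bash
# Added example: consolidates the thread's steps; not Splunk's installer.
UNIT_REL=etc/systemd/system/streamfwd.service  # unit path from the thread
INIT_REL=etc/init.d/streamfwd                  # old LSB init script

# Unit file as posted in the thread, including the [Install] section.
unit_text() {
cat <<'EOF'
[Unit]
Description=Splunk Stream Dedicated Service
After=syslog.target network.target

[Service]
Type=simple
ExecStart=/opt/streamfwd/bin/streamfwd -D

[Install]
WantedBy=multi-user.target
EOF
}

# Succeeds only if unit file $1 has an absolute ExecStart in [Service] and a
# WantedBy in [Install]; without the latter "systemctl enable" links nothing.
unit_is_enableable() {
  awk -F= '
    /^\[/ { sec = $0; next }
    sec == "[Service]" && $1 == "ExecStart" && $2 ~ /^\// { exec_ok = 1 }
    sec == "[Install]" && $1 == "WantedBy" && $2 != ""    { inst_ok = 1 }
    END { exit !(exec_ok && inst_ok) }' "$1"
}

# Remove the init script and write the unit under root directory $1.
# The root argument is an assumption of this example, for scratch-dir trials.
write_unit() {
  local root="${1:-/}"
  mkdir -p "$root/etc/systemd/system"
  rm -f "$root/$INIT_REL"
  unit_text > "$root/$UNIT_REL"
  unit_is_enableable "$root/$UNIT_REL"
}

# Whole procedure on a live host (run as root); defined but not called here.
migrate_streamfwd() {
  killall -9 streamfwd 2>/dev/null || true
  update-rc.d -f streamfwd remove
  write_unit / || return 1
  systemctl daemon-reload
  systemctl enable streamfwd && systemctl start streamfwd
  systemctl is-active streamfwd
}
```

Source the file and call `write_unit /tmp/scratch` to inspect the result without touching the host, or `migrate_streamfwd` as root to apply it.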

Re: 7.1 Streamfwd fails to configure service on ubuntu

Explorer

Unfortunately, it didn't work on streamfwd version 7.2 and ubuntu 18.04!

Dec 31 13:25:31 splunk-stream-forwarder systemd[1]: Started Splunk Stream Dedicated Service.
Dec 31 13:25:31 splunk-stream-forwarder streamfwd[3172]: 13:25:31.317 INFO  stream.CaptureServer - Launch child process for restoring interfaces
Dec 31 13:25:31 splunk-stream-forwarder streamfwd[3172]: 13:25:31.334 INFO  stream.CaptureServer - Found DataDirectory: /opt/streamfwd/data
Dec 31 13:25:31 splunk-stream-forwarder streamfwd[3172]: 13:25:31.334 INFO  stream.CaptureServer - Found UIDirectory: /opt/streamfwd/ui
Dec 31 13:25:31 splunk-stream-forwarder streamfwd[3172]: 13:25:31.337 ERROR stream.NetworkCapture - Error: basic_string::_S_construct null not valid
Dec 31 13:25:31 splunk-stream-forwarder streamfwd[3172]: 13:25:31.339 FATAL stream.main - Failed to start streamfwd, the process will be terminated: DPDK failed to initialize
Dec 31 13:25:31 splunk-stream-forwarder systemd[1]: streamfwd.service: Main process exited, code=exited, status=2/INVALIDARGUMENT
Dec 31 13:25:31 splunk-stream-forwarder streamfwd[3172]: terminate called after throwing an instance of 'std::bad_alloc'
Dec 31 13:25:31 splunk-stream-forwarder streamfwd[3172]:   what():  std::bad_alloc
Dec 31 13:25:31 splunk-stream-forwarder systemd[1]: streamfwd.service: Failed with result 'exit-code'.
0 Karma