/opt/splunkforwarder/etc/system/local/server.conf, we have used the env variable
serverName = $INSTANCE_ID
We then verified that we got the right results by using the command:
./splunk show servername
This then showed the correct id we were looking for. However, when we go to start Splunk using
./splunk start OR
./splunk to restart it will then show it's started.
Right after it shows it's started, I attempt to verify it's running by using
./splunk status. This shows us that the service did not in fact start, and it still shows
splunkd is not running.
Why is this?
We verified that if we hard code the result into the servername in
server.conf, the service does in fact start.
But, for some reason, by using the env variable something is keeping Splunk from running.
Any help on this would be great!
what does the env variable $INSTANCE_ID contains?
After any environment variables are expanded, the server name
(if not an IPv6 address) can only contain letters, numbers, underscores,
dots, and dashes. The server name must start with a letter, number, or an
If we disable boot-start I found that we can then start the service with no issues. But if I where to enable boot-start after the splunk service is restarted and then preform a ./splunk restart it will fail to restart and will remain offline until you disable boot-start again and start the service.
Splunk forwarder version: splunkforwarder-7.2.3-06d57c595b80-linux-2.6-x86_64