Why is a Splunk forwarder creating a zombie proces...

rayrayrayray · ‎02-14-2019

I have installed version 7.2.4 of the Splunk Forwarder from the deb package on a x64 Ubuntu 18.04.1 LTS system. After the install, I used this command to generate the systemd unit file.

/opt/splunkforwarder/bin/splunk enable boot-start -user splunk --accept-license --no-prompt --answer-yes

The service starts and runs without any issue, but I'm always left with a zombie process on my system. If I stop the SplunkForwarder service, it goes away, and comes back when it's started again.

*USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
splunk 29920 0.0 0.0 0 0 ? Z 10:55 0:00 [systemctl] *

Does anyone know a way to get rid of this?

rayrayrayray · ‎05-20-2019

I've upgraded to 7.2.6 and it looks like the issue is resolved.

sreechallagundl · ‎05-20-2019

thanks ray... but why its coming, i didn't see any documentation from splunk GCS team, seems they even didn't bother about it...

ptcrusher · ‎05-20-2019

Were you able to sort it out? I'm facing the exact same issue

Thanks in advance

Why is a Splunk forwarder creating a zombie process when starting via systemd?

A Season of Skills: New Splunk Courses to Light Up Your Learning Journey

Announcing the Migration of the Splunk Add-on for Microsoft Azure Inputs to ...

Splunk Observability for AI

Join the Conversation

Why is a Splunk forwarder creating a zombie process when starting via systemd?

A Season of Skills: New Splunk Courses to Light Up Your Learning Journey

Announcing the Migration of the Splunk Add-on for Microsoft Azure Inputs to ...

Splunk Observability for AI