Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

DNS lookup failed for "$decideOnStartup": Host not found (authoritative)

beginne_Splunk
Explorer
‎04-17-2023 10:06 PM

When 'tail -f /opt/streamfwd/var/log/streamfwd.log' is executed

Why do I get the following message?

WARN [140610710128384] (HTTPRequestSender.cpp:1485) stream.SplunkSenderHTTPEventCollector - (#0) DNS lookup failed for "$decideOnStartup": Host not found (authoritative)
WARN [140610710128384] (HTTPRequestSender.cpp:1470) stream.SplunkSenderHTTPEventCollector - (#0) Recovery attempt failed

Labels (1)
Labels
Tags (2)
0 Karma
Reply

PickleRick
SplunkTrust
SplunkTrust
‎10-28-2023 01:09 AM

The error message says clearly "DNS lookup failed" which means that system resolver cannot determine reliably a hostname for the local IP. You can run some packet capture tool to verify what lookup exactly is performed at the start of the UF.

0 Karma
Reply

_JP
Contributor
‎10-27-2023 10:15 AM

There's several older posts that seem to be related to a default setting not being correct in their case in an etc/system/local/inputs.conf.  I would check through your Splunk configs to see if there's a server name not set correctly, or if an override is in place that is causing it to use a non-existent hardcoded value instead of relying on what the OS thinks the server name is (i.e. look through our .conf files):

Solved: Inputs.conf $decideonstartup - Splunk Community

Why is host=$decideOnStartup for Splunk Stream, bu... - Splunk Community

How to Configure host = $decideOnStartup correctl... - Splunk Community

Solved: $decideOnStartup Remote Perfmon - Splunk Community

0 Karma
Reply

wagenstallerm
Loves-to-Learn Lots
‎10-27-2023 09:43 AM

same problem here

0 Karma
Reply
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...