Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Error on forwarder

bosseres
Contributor
‎01-26-2021 03:58 AM

Hello everyone,

I'm trying to configure deployment server and i have a error, occured on forwarder

TCPOutAutoLB-1

  • Root Cause(s):
    • More than 70% of forwarding destinations have failed. Ensure your hosts and ports in outputs.conf are correct. Also ensure that the indexers are all running, and that any SSL certificates being used for forwarding are correct.
  • Last 50 related messages:
    • 01-26-2021 14:55:56.254 +0300 WARN TcpOutputProc - Applying quarantine to ip=10.22.31.80 port=9997 _numberOfFailures=2
    • 01-26-2021 14:55:56.253 +0300 INFO TcpOutputProc - Found currently active indexer. Connected to idx=10.22.22.241:9997, reuse=1.
    • 01-26-2021 14:55:26.660 +0300 INFO TcpOutputProc - Connected to idx=10.22.22.241:9997, pset=0, reuse=0.
    • 01-26-2021 14:55:26.553 +0300 INFO TcpOutputProc - _isHttpOutConfigured=NOT_CONFIGURED
    • 01-26-2021 14:55:26.322 +0300 INFO TcpOutputProc - Group receiver initialized with maxQueueSize=512000 in bytes.

What does it mean? Thank you.

Labels (1)
Labels
0 Karma
Reply

bosseres
Contributor
‎01-26-2021 05:05 AM

we can close topic, I resolved the problem

ty

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎02-11-2025 11:10 PM

Hi @bosseres ,

Please describe how you solved the topic and close the case for the oother people of the Community.

Giuseppe

P.S.: Karma Points are appreciated 😉

0 Karma
Reply

SN1
Path Finder
‎02-11-2025 09:42 PM

 Hi could you please tell me how did you resolve this issue as i am having the same issue as well.
Thank You.

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎02-11-2025 11:11 PM

Hi @SN1 ,

don't attach a new request to an old one, even if on the same topic, because probably you'll never receive an answer.

Open a new case describing your issue.

Ciao.

Giuseppe

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎01-26-2021 04:58 AM

Hi @bosseres,

check the connection between Ds and Indexers because probably there a block between them.

You could use telnet:

telnet 10.22.31.80 9997
telnet 10.22.22.241 9997

If telnet fails, you can check:

  • local firewall on DS,
  • firewalls between Ds and Indexers,
  • enabled receiving (on port 9997) on Indexers.

Ciao.

Giuseppe

Reply

bosseres
Contributor
‎01-26-2021 04:00 AM

one more question, why can't I delete host from list? there is really no such host in outputs.conf

bosseres_0-1611662382550.png

 

0 Karma
Reply

bosseres
Contributor
‎01-26-2021 05:04 AM

second one question I resolved with btool

Tags (1)
0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Get Updates on the Splunk Community!

Tech Talk Recap | Mastering Threat Hunting

Mastering Threat HuntingDive into the world of threat hunting, exploring the key differences between ...

Observability for AI Applications: Troubleshooting Latency

If you’re working with proprietary company data, you’re probably going to have a locally hosted LLM or many ...

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In the age of AI, every tool promises to make our lives easier. From summarizing content to writing code, ...