Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Error on forwarder

bosseres
Contributor
‎01-26-2021 03:58 AM

Hello everyone,

I'm trying to configure deployment server and i have a error, occured on forwarder

TCPOutAutoLB-1

  • Root Cause(s):
    • More than 70% of forwarding destinations have failed. Ensure your hosts and ports in outputs.conf are correct. Also ensure that the indexers are all running, and that any SSL certificates being used for forwarding are correct.
  • Last 50 related messages:
    • 01-26-2021 14:55:56.254 +0300 WARN TcpOutputProc - Applying quarantine to ip=10.22.31.80 port=9997 _numberOfFailures=2
    • 01-26-2021 14:55:56.253 +0300 INFO TcpOutputProc - Found currently active indexer. Connected to idx=10.22.22.241:9997, reuse=1.
    • 01-26-2021 14:55:26.660 +0300 INFO TcpOutputProc - Connected to idx=10.22.22.241:9997, pset=0, reuse=0.
    • 01-26-2021 14:55:26.553 +0300 INFO TcpOutputProc - _isHttpOutConfigured=NOT_CONFIGURED
    • 01-26-2021 14:55:26.322 +0300 INFO TcpOutputProc - Group receiver initialized with maxQueueSize=512000 in bytes.

What does it mean? Thank you.

Labels (1)
Labels
0 Karma
Reply

bosseres
Contributor
‎01-26-2021 05:05 AM

we can close topic, I resolved the problem

ty

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎02-11-2025 11:10 PM

Hi @bosseres ,

Please describe how you solved the topic and close the case for the oother people of the Community.

Giuseppe

P.S.: Karma Points are appreciated 😉

0 Karma
Reply

SN1
Path Finder
‎02-11-2025 09:42 PM

 Hi could you please tell me how did you resolve this issue as i am having the same issue as well.
Thank You.

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎02-11-2025 11:11 PM

Hi @SN1 ,

don't attach a new request to an old one, even if on the same topic, because probably you'll never receive an answer.

Open a new case describing your issue.

Ciao.

Giuseppe

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎01-26-2021 04:58 AM

Hi @bosseres,

check the connection between Ds and Indexers because probably there a block between them.

You could use telnet:

telnet 10.22.31.80 9997
telnet 10.22.22.241 9997

If telnet fails, you can check:

  • local firewall on DS,
  • firewalls between Ds and Indexers,
  • enabled receiving (on port 9997) on Indexers.

Ciao.

Giuseppe

Reply

bosseres
Contributor
‎01-26-2021 04:00 AM

one more question, why can't I delete host from list? there is really no such host in outputs.conf

bosseres_0-1611662382550.png

 

0 Karma
Reply

bosseres
Contributor
‎01-26-2021 05:04 AM

second one question I resolved with btool

Tags (1)
0 Karma
Reply
Get Updates on the Splunk Community!

What the End of Support for Splunk Add-on Builder Means for You

Hello Splunk Community! We want to share an important update regarding the future of the Splunk Add-on Builder ...

Solve, Learn, Repeat: New Puzzle Channel Now Live

Welcome to the Splunk Puzzle PlaygroundIf you are anything like me, you love to solve problems, and what ...

Building Reliable Asset and Identity Frameworks in Splunk ES

 Accurate asset and identity resolution is the backbone of security operations. Without it, alerts are ...