Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Error on forwarder

bosseres
Contributor
‎01-26-2021 03:58 AM

Hello everyone,

I'm trying to configure deployment server and i have a error, occured on forwarder

TCPOutAutoLB-1

  • Root Cause(s):
    • More than 70% of forwarding destinations have failed. Ensure your hosts and ports in outputs.conf are correct. Also ensure that the indexers are all running, and that any SSL certificates being used for forwarding are correct.
  • Last 50 related messages:
    • 01-26-2021 14:55:56.254 +0300 WARN TcpOutputProc - Applying quarantine to ip=10.22.31.80 port=9997 _numberOfFailures=2
    • 01-26-2021 14:55:56.253 +0300 INFO TcpOutputProc - Found currently active indexer. Connected to idx=10.22.22.241:9997, reuse=1.
    • 01-26-2021 14:55:26.660 +0300 INFO TcpOutputProc - Connected to idx=10.22.22.241:9997, pset=0, reuse=0.
    • 01-26-2021 14:55:26.553 +0300 INFO TcpOutputProc - _isHttpOutConfigured=NOT_CONFIGURED
    • 01-26-2021 14:55:26.322 +0300 INFO TcpOutputProc - Group receiver initialized with maxQueueSize=512000 in bytes.

What does it mean? Thank you.

Labels (1)
Labels
0 Karma
Reply

bosseres
Contributor
‎01-26-2021 05:05 AM

we can close topic, I resolved the problem

ty

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎02-11-2025 11:10 PM

Hi @bosseres ,

Please describe how you solved the topic and close the case for the oother people of the Community.

Giuseppe

P.S.: Karma Points are appreciated 😉

0 Karma
Reply

SN1
Path Finder
‎02-11-2025 09:42 PM

 Hi could you please tell me how did you resolve this issue as i am having the same issue as well.
Thank You.

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎02-11-2025 11:11 PM

Hi @SN1 ,

don't attach a new request to an old one, even if on the same topic, because probably you'll never receive an answer.

Open a new case describing your issue.

Ciao.

Giuseppe

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎01-26-2021 04:58 AM

Hi @bosseres,

check the connection between Ds and Indexers because probably there a block between them.

You could use telnet:

telnet 10.22.31.80 9997
telnet 10.22.22.241 9997

If telnet fails, you can check:

  • local firewall on DS,
  • firewalls between Ds and Indexers,
  • enabled receiving (on port 9997) on Indexers.

Ciao.

Giuseppe

Reply

bosseres
Contributor
‎01-26-2021 04:00 AM

one more question, why can't I delete host from list? there is really no such host in outputs.conf

bosseres_0-1611662382550.png

 

0 Karma
Reply

bosseres
Contributor
‎01-26-2021 05:04 AM

second one question I resolved with btool

Tags (1)
0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Design, Compete, Win: Submit Your Best Splunk Dashboards for a .conf26 Pass

Hello Splunkers,  We’re excited to kick off a Splunk Dashboard contest! We know that dashboards are a primary ...

May 2026 Splunk Expert Sessions: Security & Observability

Level Up Your Operations: May 2026 Splunk Expert Sessions Whether you are refining your security posture or ...

Network to App: Observability Unlocked [May & June Series]

In today’s digital landscape, your environment is no longer confined to the data center. It spans complex ...