Solved: Forwarder Port 9996 has intermittent connectivity ...

balbano · ‎05-14-2012

For some reason, ever since upgrading from 4.3.1 to 4.3.2, my 2 indexers have been experiencing intermittent connectivity issues with the default Forwarder Port TCP 9996.

They are taking turns doing this and I am afraid this can affect my client forwarder traffic down the line.

Anyone else having this problem.

I submitted a case to Splunk about this but wondering is anyone else is having this problem.

I know for sure this has never happened before and this started happening when I upgraded to 4.3.2

Let me know if theres anything I should do or look at to determine the issue.

Thanks.

Brian

balbano · ‎07-06-2012

My issue was due to the indexers being overloaded due to failed time parsing.

I have corrected this and the performance has much improved.

I still think there is something different in the way that Splunk handled time parsing prior to 4.3.2 since I have never experienced these connection issues but Splunk Support helped me isolate the issue.

Thanks.
B

View solution in original post

balbano · ‎07-06-2012

My issue was due to the indexers being overloaded due to failed time parsing.

I have corrected this and the performance has much improved.

I still think there is something different in the way that Splunk handled time parsing prior to 4.3.2 since I have never experienced these connection issues but Splunk Support helped me isolate the issue.

Thanks.
B

dantimola · ‎07-13-2017

Please share what you've done to resolve the issue. Thanks.

christantoy · ‎05-27-2013

Can you explain how did you do it?? because i'll experiencing this last week till now..

balbano · ‎05-18-2012

Is there no one having this issue?

Forwarder Port 9996 has intermittent connectivity issues since upgrading indexers to Splunk 4.3.2

.conf24 | Day 0

Enhance Security Visibility with Splunk Enterprise Security 7.1 through Threat ...

Troubleshooting the OpenTelemetry Collector