Solved: Re: Forwarder restarting every 10 minutes

jihape · ‎11-08-2020

Hi,

I have a dozen of UFs that are restarting every ten minutes. They are on Windows. Running 7.2 (latest supported version).

What I have checked so far:

- Splunk excluded from antivirus
- disabled deploymentclient
- UF running as local system

Any ideas what could trigger a restart after disabling deploymentclient.conf?

jihape · ‎11-10-2020

Figured it out. Added some extra monitoring and found the server owner had a script that restarted the UF if it uses more than x memory 😂

Why he came to me with a problem he created I don't know.

jihape · ‎11-10-2020

Figured it out. Added some extra monitoring and found the server owner had a script that restarted the UF if it uses more than x memory 😂

Why he came to me with a problem he created I don't know.

nwuest · ‎11-08-2020

Just a thought, is there a file called “crash.log” in the following folder:

/opt/splunkforwarder/var/log/splunk/

If not, is there anything that is popping up in splunkd.log in the same folder?

Look forward to hearing from you!

V/R,
nwuest

Forwarder restarting every 10 minutes