Hi guys,
I configured my all-in-one Splunk instance to forward data to another search head by using a tcpout:9997 in outputs.conf. Then I removed the config file manually from the Ubuntu command line.
However, I found data from my all-in-one Splunk box still forwarding to the other SH after reboot.
So I checked the Forwarding and receiving settings in Splunk Web. I found the previous setting still there. Please see the attached screenshot for details.
Is there a way to remove those two forward data configurations from either Splunk Web or CMD?
Could anyone please help?
Cheers,
Vincent
Hi everyone,
I used btool and found that a configuration in one of my apps has a tcpout setup in outputs.conf.
So I removed the configuration and restarted Splunk. Issue is now resolved. 🙂
What was done to fix this issue? Experiencing the same thing in our environment.
Hi robinsonk,
I assume your Splunk is in a Linux environment as well?
You can use btool to find all configurations at outputs.conf.
Something like ./splunk cmd btool outputs list --debug | grep tcpout
Find the configuration you don't want. And manually delete the configuration from outputs.conf...
No, we are a Windows environment.
Hi, Windows can use btool as well. It is basically the same. Just remove ./ at the beginning of the cmd.
Check here for more information:
http://docs.splunk.com/Documentation/Splunk/6.4.1/Troubleshooting/Usebtooltotroubleshootconfiguratio...
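Added example (not part of the original posts): a small filter for the btool --debug output discussed in this thread. It lists every tcpout setting together with the file that supplies it, skipping the shipped etc/system/default. The function name, sample paths, group name and address are constructed for illustration.

```shell
#!/bin/sh
# Added example. Reads `btool outputs list --debug` output on stdin and prints
#   file<TAB>stanza<TAB>setting
# for every tcpout setting not supplied by the shipped etc/system/default.
tcpout_sources() {
  awk '
    # Each --debug line is "<path to .conf file> <stanza header or setting>".
    # Split at the first ".conf" followed by whitespace so that paths with
    # spaces (C:\Program Files\Splunk\...) stay in one piece.
    match($0, /\.conf[ \t]+/) {
      file = substr($0, 1, RSTART + 4)
      rest = substr($0, RSTART + RLENGTH)
      if (rest ~ /^\[/) {                 # stanza header: remember it
        stanza = rest
        in_tcpout = (rest ~ /^\[tcpout/)  # [tcpout], [tcpout:<group>], ...
        next
      }
      if (in_tcpout && file !~ "[/\\\\]system[/\\\\]default[/\\\\]")
        print file "\t" stanza "\t" rest
    }'
}

# Constructed sample of --debug output (paths and values are made up).
sample_btool_output() {
cat <<'EOF'
/opt/splunk/etc/apps/legacy_fwd/local/outputs.conf [tcpout]
/opt/splunk/etc/apps/legacy_fwd/local/outputs.conf defaultGroup = other_sh
/opt/splunk/etc/system/default/outputs.conf        forwardedindex.filter.disable = false
/opt/splunk/etc/apps/legacy_fwd/local/outputs.conf [tcpout:other_sh]
/opt/splunk/etc/apps/legacy_fwd/local/outputs.conf server = 192.0.2.10:9997
/opt/splunk/etc/system/default/outputs.conf        [syslog]
/opt/splunk/etc/system/default/outputs.conf        type = udp
EOF
}

# Live use: ./splunk cmd btool outputs list --debug | tcpout_sources
sample_btool_output | tcpout_sources
```

Any file that appears in the first column is a place where forwarding is still configured, including apps that are easy to overlook when only etc/system/local was cleaned up.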