Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Forwarding and receiving - Error occurred attempting to remove a tcpout input from Splunk Web

season88481
Contributor
‎06-03-2016 09:55 PM

Hi guys,

I configured my all-in-one Splunk instance to forward data to another search head by using an tcpout:9997 at outputs.conf. Then I removed the config file manually from Ubuntu command line.

However, I found data from my all-in-one Splunk box still forwarding to the other SH after reboot.

So I checked Forwarding and receiving setting from Splunk Web. I found the previous setting still there. Please see the attached screenshot for details.
alt text

Is there a way to remove those two forward data configurations from either Splunk Web or CMD?

Could any one please help?

Cheers,
Vincent

Preview file
63 KB
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

season88481
Contributor
‎06-03-2016 10:03 PM

Hi everyone,

I used btool find a configuration in one of my apps has a tcpout setup at outputs.conf.

So I removed the configuration and restart Splunk. Issue is now resolved. 🙂

View solution in original post

Reply
Solved! Jump to solution
Solution

season88481
Contributor
‎06-03-2016 10:03 PM

Hi everyone,

I used btool find a configuration in one of my apps has a tcpout setup at outputs.conf.

So I removed the configuration and restart Splunk. Issue is now resolved. 🙂

Reply
Solved! Jump to solution

robinsonk
Engager
‎06-14-2016 11:38 AM

What was done to fix this issue? Experiencing the same thing in our environment

0 Karma
Reply
Solved! Jump to solution

season88481
Contributor
‎06-14-2016 04:52 PM

Hi robinsonk,

I assume your Splunk is in a Linux environment as well?

You can use btool to find all configurations at outputs.conf.

Something like ./splunk cmd btool outputs list --debug | grep tcpout

Find the configuration you don't want. And manually delete the configuration from outputs.conf...

0 Karma
Reply
Solved! Jump to solution

robinsonk
Engager
‎06-22-2016 10:25 AM

no we are Windows environment.

Reply
Solved! Jump to solution

season88481
Contributor
‎06-22-2016 02:32 PM

Hi Windows can use btool as well. It is basically the same. Just remove ./ at the beginner of the cmd.
Check here for more information:
http://docs.splunk.com/Documentation/Splunk/6.4.1/Troubleshooting/Usebtooltotroubleshootconfiguratio...

0 Karma
Reply
Get Updates on the Splunk Community!

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

If you’ve ever deployed a new database cluster, spun up a caching layer, or added a load balancer, you know it ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Financial fraud isn't slowing down. If anything, it's getting more sophisticated. Account takeovers, credit ...

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

 Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...