Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Forwarding and receiving - Error occurred attempting to remove a tcpout input from Splunk Web

season88481
Contributor
‎06-03-2016 09:55 PM

Hi guys,

I configured my all-in-one Splunk instance to forward data to another search head by using an tcpout:9997 at outputs.conf. Then I removed the config file manually from Ubuntu command line.

However, I found data from my all-in-one Splunk box still forwarding to the other SH after reboot.

So I checked Forwarding and receiving setting from Splunk Web. I found the previous setting still there. Please see the attached screenshot for details.
alt text

Is there a way to remove those two forward data configurations from either Splunk Web or CMD?

Could any one please help?

Cheers,
Vincent

Preview file
63 KB
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

season88481
Contributor
‎06-03-2016 10:03 PM

Hi everyone,

I used btool find a configuration in one of my apps has a tcpout setup at outputs.conf.

So I removed the configuration and restart Splunk. Issue is now resolved. 🙂

View solution in original post

Reply
Solved! Jump to solution
Solution

season88481
Contributor
‎06-03-2016 10:03 PM

Hi everyone,

I used btool find a configuration in one of my apps has a tcpout setup at outputs.conf.

So I removed the configuration and restart Splunk. Issue is now resolved. 🙂

Reply
Solved! Jump to solution

robinsonk
Engager
‎06-14-2016 11:38 AM

What was done to fix this issue? Experiencing the same thing in our environment

0 Karma
Reply
Solved! Jump to solution

season88481
Contributor
‎06-14-2016 04:52 PM

Hi robinsonk,

I assume your Splunk is in a Linux environment as well?

You can use btool to find all configurations at outputs.conf.

Something like ./splunk cmd btool outputs list --debug | grep tcpout

Find the configuration you don't want. And manually delete the configuration from outputs.conf...

0 Karma
Reply
Solved! Jump to solution

robinsonk
Engager
‎06-22-2016 10:25 AM

no we are Windows environment.

Reply
Solved! Jump to solution

season88481
Contributor
‎06-22-2016 02:32 PM

Hi Windows can use btool as well. It is basically the same. Just remove ./ at the beginner of the cmd.
Check here for more information:
http://docs.splunk.com/Documentation/Splunk/6.4.1/Troubleshooting/Usebtooltotroubleshootconfiguratio...

0 Karma
Reply
Get Updates on the Splunk Community!

Demo Day: Strengthen Your SOC with Splunk Enterprise Security 8.1

Today’s threat landscape is more complex than ever. Security operation centers (SOCs) are overwhelmed with ...

Dashboards: Hiding charts while search is being executed and other uses for tokens

There are a couple of features of SimpleXML / Classic dashboards that can be used to enhance the user ...

Splunk Observability Cloud's AI Assistant in Action Series: Explaining Metrics and ...

This is the fourth post in the Splunk Observability Cloud’s AI Assistant in Action series that digs into how ...