Getting Data In

How to configure 2 Universal Forwarder instances (Splunk 6.1.3 and 6.3.0) on a single AIX machine?

bharathkumarnec
Contributor

Hi All,

I am planning to configure two Splunk Universal Forwarder instances on one of our AIX machines. Version of Splunk 6.1.3 & 6.3.0.

What are the places that I need to make changes in order to make the two instances run with out any issues?

I have changed the web.conf by changing the management ports.

Help in this regard is very helpful.

Regards,

justinrowan
Explorer

bharathkumarnec did you find a resolution for this? I'm running into the same issue on AIX 7.1 while attempting to install multiple forwarders.

Works fine on Linux.

0 Karma

bharathkumarnec
Contributor

No!Dint find any!

0 Karma

woodcock
Esteemed Legend

If you are planning to manage the instances from a Deployment Server, you need to make sure each instance EITHER uses a separate NIC (so you can say DottedQuad1 is instance1 and gets certain stuff and DottedQuad2 is instance2 and gets other stuff) OR you need to set clientName differently between the two instances inside deploymentclient.conf:

clientName = deploymentClient
    * Defaults to deploymentClient.
    * A name that the deployment server can filter on.
    * Takes precedence over DNS names.

http://docs.splunk.com/Documentation/Splunk/6.3.1511/admin/Deploymentclientconf

0 Karma

bharathkumarnec
Contributor

Hi woodcock,

Below is the message that I am getting when running second instance:

0513-029 The splunkd sybsytem is already active.
Multiple instances are not supported.

0 Karma

woodcock
Esteemed Legend

I will admit, the last time that I did this was on 6.0 and it was possible. It is entirely possible that between that release and whatever you are using that Splunk has written extra code into splunkd to disable this architectural approach. I would open a support case.

0 Karma

woodcock
Esteemed Legend

You do have to run it on a different port but that does not appear to be the problem that you are experiencing.

0 Karma

bharathkumarnec
Contributor

Thanks & yes I am running two instances on two different ports!

0 Karma

jplumsdaine22
Influencer

I don't know if there are any AIX specific issues.
On linux we just change management port and it works fine.

bharathkumarnec
Contributor

Hi jplumsdaine22,

Everything working fine on Linux machines in our environment, but not on AIX machine.

Message : Multiple services cannot be run
Looks like we need to change the subsystem name, not sure just a guess

0 Karma

jplumsdaine22
Influencer

Sorry to hear that. Where is that message coming from? Splunk or AIX ?

0 Karma

bharathkumarnec
Contributor

Below is the message I am getting after starting second splunk instance:

Multple instances cannot run..

0 Karma

jplumsdaine22
Influencer

Oh - Are you starting the instances in seperate locations ? For example

/opt/splunk-instance-1/bin/splunk and /opt/splunk-instance-2/bin/splunk

0 Karma

bharathkumarnec
Contributor

yes both instances are in different locations:

0513-029 The splunkd sybsytem is already active.
Multiple instances are not supported.

This is the message I am getting.

0 Karma

jplumsdaine22
Influencer

Must be something AIX specific. Have you tried splunk support?

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...