Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to fix TCPOutAutoLB-0 error?

hketer
Path Finder
‎09-14-2022 09:25 AM

Hello,

I'll try to explain our issue we had.

We have 7 HFs and 4 Idx
HF_1, HF_2, HF_3 sending TCP logs and log files to: HF_4 & HF_6 & HF_7 
HF_4 sending TCP logs (Not necessarily the same data) to HF_5 
HF_5 send the data from HF_4 to our Indexers.

 

The splunkd service on HF_5 was down, what cause our HF_4 to receive errors:

"TCPOutAutoLB-0 , forwarding destinations have failed"
make sense.

What I don't understand is why the servers HF_1\2\3 got stuck and stopped send data  also to HF_6 and HF_7.

 

Please help me understand this,
Thank you all!

 

Hen

 

 

 

Labels (1)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

scelikok
SplunkTrust
SplunkTrust
‎09-14-2022 08:30 PM

Hi @hketer,

Are you also using TCP Syslog output on your HF_1/2/3 to any destination? Because if any of the Syslog TCP destinations gets stuck, all indexing and forwarding pipeline stops. That's why I prefer UDP Syslog output to prevent this problem. 

If this reply helps you an upvote and "Accept as Solution" is appreciated.

View solution in original post

Reply
Solved! Jump to solution
Solution

scelikok
SplunkTrust
SplunkTrust
‎09-14-2022 08:30 PM

Hi @hketer,

Are you also using TCP Syslog output on your HF_1/2/3 to any destination? Because if any of the Syslog TCP destinations gets stuck, all indexing and forwarding pipeline stops. That's why I prefer UDP Syslog output to prevent this problem. 

If this reply helps you an upvote and "Accept as Solution" is appreciated.
Reply
Solved! Jump to solution

hketer
Path Finder
‎09-18-2022 12:01 AM

Hi @scelikok ,

Yes, we do use TCP Syslog outputs to other destinations.
As I understand, the queues will get stuck and will affect all the other inputs configured ?

Will it affect only TCP inputs? or also monitoring files for example?

Thanks,
Hen

0 Karma
Reply
Solved! Jump to solution

scelikok
SplunkTrust
SplunkTrust
‎09-18-2022 01:56 AM

Hi @hketer,

Yes, unfortunately, it affects all indexing processes.

If this reply helps you an upvote and "Accept as Solution" is appreciated.
Reply
Solved! Jump to solution

hketer
Path Finder
‎09-18-2022 04:06 AM

@scelikok 

Thank you for the help!

Reply
Get Updates on the Splunk Community!

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

You’ve probably heard the latest about AppDynamics joining the Splunk Observability portfolio, deepening our ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

As we’ve seen, integrating Kubernetes environments with Splunk Observability Cloud is a quick and easy way to ...

Cloud Platform & Enterprise: Classic Dashboard Export Feature Deprecation

As of Splunk Cloud Platform 9.3.2408 and Splunk Enterprise 9.4, classic dashboard export features are now ...