Solved: How to prevent a PID file from causing one of our ...

katanguriabhi · ‎10-05-2016

Hi,

I got an issue with one of the Universal Forwarder. It is automatically shutting down and when I restart, it is again shutting down immediately. According to what I see when I check status, I figured it out it was the problem with PID files and tried to manually remove them from /opt/splunkforwarder/var/run/splunk . Even after this, I can't find a solution. Can some one help me out?

Thanks 🙂

Attached the pic for reference.

katanguriabhi · ‎10-11-2016

It was the Ulimits on the box that causes issue. I changed the ulimit values to unlimit after looking into Splunkd logs accordingly and it worked perfectly. May be at first i ignored the WARN message in Splunkd logs as we doesn't pay much attention to warnings 😛

View solution in original post

katanguriabhi · ‎10-11-2016

It was the Ulimits on the box that causes issue. I changed the ulimit values to unlimit after looking into Splunkd logs accordingly and it worked perfectly. May be at first i ignored the WARN message in Splunkd logs as we doesn't pay much attention to warnings 😛

How to prevent a PID file from causing one of our universal forwarders to shut down?

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

Splunk Community Badges!

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

Join the Conversation