Getting Data In

Splunk not accepting data from forwarder

anupamdt
New Member

I have installed Splunk universal forwarder on my local system where the enterprise instance is installed. After installing the forwarder I have done the required configurations as well but now I can see any data received from the forwarder. When I check the splunkd.log file I can see some messages like "TcpOutputProc - Tcpout Processor: The TCP output processor has paused the data flow. Forwarding to output group default-autolb-group has been blocked for 1430 seconds. This will probably stall the data flow towards indexing and other network outputs. Review the receiving system's health in the Splunk Monitoring Console. It is probably not accepting data."

0 Karma

inventsekar
Super Champion

I have installed Splunk universal forwarder on my local system where the enterprise instance is installed ///

Did you install universal forwarder on the local system where also Splunk Enterprise (Splunk indexer) is installed?!?! On the same single system?!?!

PS ... If any post helped you in any way, pls give a hi-five to the author with an upvote. if your issue got resolved, please accept the reply as solution.. thanks.
0 Karma

anupamdt
New Member

Yes both of them are installed on the same system.

0 Karma

skoelpin
SplunkTrust
SplunkTrust

Did you enable Splunk to listen on port 9997?

If so, you can start with this link

http://docs.splunk.com/Documentation/Splunk/6.6.2/Troubleshooting/Cantfinddata

0 Karma

anupamdt
New Member

I have enabled splunk to listen on 9997 port.
My input.conf looks like below:
[default]
host = DUTTAAN2
[splunktcp://9997]
disabled = 0
stopAcceptorAfterQBlock = 1200

The output.conf like:

[tcpout]
defaultGroup = default-autolb-group
indexAndForward = 0

[tcpout:default-autolb-group]
disabled = 0
server = localhost:9997

[tcpout-server://localhost:9997]

0 Karma
Get Updates on the Splunk Community!

Investigate Security and Threat Detection with VirusTotal and Splunk Integration

As security threats and their complexities surge, security analysts deal with increased challenges and ...

Observability Highlights | January 2023 Newsletter

 January 2023New Product Releases Splunk Network Explorer for Infrastructure MonitoringSplunk unveils Network ...

Security Highlights | January 2023 Newsletter

January 2023 Splunk Security Essentials (SSE) 3.7.0 ReleaseThe free Splunk Security Essentials (SSE) 3.7.0 app ...