Getting Data In

Unable to start Splunk forwarder

Manilyn
Explorer

Maybe someone here could help me as i have issue on starting the SPLUNK forwarder.
Here's the full error upon trying to start the forwarder

Checking prerequisites...
Management port has been set disabled; cli support for this configuration is currently incomplete.
Checking conf files for typos... Done
All preliminary checks passed.

Starting splunk server daemon (splunkd)...
Error loading logging config file

Timed out waiting for splunkd to start.

Tags (1)
0 Karma
1 Solution

Manilyn
Explorer

I resolved the issue by commenting JSON lines from log.cfg

View solution in original post

0 Karma

Manilyn
Explorer

I resolved the issue by commenting JSON lines from log.cfg

0 Karma

subham29
Engager

Hello @Manilyn ,

 

Could you please let me know what all changes you performed on log.cfg?

0 Karma

oscar84x
Contributor

You should be able to see more specific errors in /opt/splunk/var/log/splunk/splunkd.log.
Share some of the log if you're not able to determine what the problem is.

0 Karma

sunnyb147
Path Finder
  1. Could you please share some more information from splunkd.log
  2. Could be a possibility something is wrong with log.cfg file < PATH: $SPLUNK_HOME/etc/log.cfg >
0 Karma

Manilyn
Explorer

07-08-2019 17:22:55.806 -0500 WARN Logger - $SPLUNK_HOME/etc/log.cfg:263: Pa
rse error at "appender.idata_ResourceUsage.serialization=JSON"
07-08-2019 17:22:55.807 -0500 WARN Logger - $SPLUNK_HOME/etc/log.cfg:273: Pa
rse error at "appender.idata_DiskObjects.serialization=JSON"
07-08-2019 17:25:56.521 -0500 WARN Logger - $SPLUNK_HOME/etc/log.cfg:263: Pa
rse error at "appender.idata_ResourceUsage.serialization=JSON"
07-08-2019 17:25:56.522 -0500 WARN Logger - $SPLUNK_HOME/etc/log.cfg:273: Pa
rse error at "appender.idata_DiskObjects.serialization=JSON"
07-12-2019 07:00:43.255 -0500 WARN Logger - $SPLUNK_HOME/etc/log.cfg:263: Pa
rse error at "appender.idata_ResourceUsage.serialization=JSON"
07-12-2019 07:00:43.255 -0500 WARN Logger - $SPLUNK_HOME/etc/log.cfg:273: Pa
rse error at "appender.idata_DiskObjects.serialization=JSON"

0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...