Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

WARN TcpOutputProc - Forwarding to indexer group proidx blocked for 249600 seconds. in splunkd.log?

pavanae
Builder
‎01-11-2016 11:51 AM

After configuring everything I couldn't able to index the data while was checking in the splunkd.log. I could see the following warnings occuring repeatedly

01-11-2016 14:46:25.760 -0500 WARN TcpOutputProc - Cooked connection to ip=10.200.32.13:9997 timed out
01-11-2016 14:46:38.951 -0500 WARN TcpOutputProc - Forwarding to indexer group proidx blocked for 249600 seconds.

What does that mean?How can i index the data sucessfully?

Reply
1 Solution
Solved! Jump to solution
Solution

jbsplunk
Splunk Employee
Splunk Employee
‎01-11-2016 12:03 PM 
Cooked connection to ip=10.200.32.13:9997 timed out

Means that a SYN has been sent to establish a tcp connection, but no ACK was received in response to the SYN. This could be due to network trouble, a firewall, router, switch, or other general connectivity problem.

I would first check to ensure that 10.200.32.13 is actually listening on port 9997 via a tool like netstat.

If it is, I'd suggest manually connecting via telnet or netcat to the port from the forwarding box. Chances are this won't be successful, so then you'd need to examine the infrastructure via a network capture using a tool like tcpdump to validate that the data is sent, and has arrived at the destination.

Unfortunately, the error is fairly generic and as such only general advise can be provided.

View solution in original post

Reply
Solved! Jump to solution
Solution

jbsplunk
Splunk Employee
Splunk Employee
‎01-11-2016 12:03 PM 
Cooked connection to ip=10.200.32.13:9997 timed out

Means that a SYN has been sent to establish a tcp connection, but no ACK was received in response to the SYN. This could be due to network trouble, a firewall, router, switch, or other general connectivity problem.

I would first check to ensure that 10.200.32.13 is actually listening on port 9997 via a tool like netstat.

If it is, I'd suggest manually connecting via telnet or netcat to the port from the forwarding box. Chances are this won't be successful, so then you'd need to examine the infrastructure via a network capture using a tool like tcpdump to validate that the data is sent, and has arrived at the destination.

Unfortunately, the error is fairly generic and as such only general advise can be provided.

Reply
Get Updates on the Splunk Community!

Announcing Scheduled Export GA for Dashboard Studio

We're excited to announce the general availability of Scheduled Export for Dashboard Studio. Starting in ...

Extending Observability Content to Splunk Cloud

Watch Now!   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...