I have been using the Universal forwarder splunkforwarder-7.2.6-c0bf0f679ce9-Linux-x86_64 for quite a while without issues. I now wanted to upgrade to the latest one, 9.0.2 so I downloaded it and ran it just like I did with the old version. However, when starting it,
I have this same problem with containers. Works in 8.x, but get the same failure in 9.x. Investigating.
Adding the following to my compose file fixes the problem with docker containers in 9.x:
splunk: tty: true
Thank you! This fixed the issue afret I upgraded from 8.x to 9.x.
And if you are not using compose files, is there perhaps something that can be configured?
I don’t know if there is a config option for splunk itself. With docker cli, you should be able to add the -t flag and it would be the same as the compose version.
I can't find it documented, but going from 7 to 9 may be too much of a jump. Now that you're on 8, installing 9 should work.
Its not really an upgrade, I'm using docker containers so its basically a fresh install everytime so to speak.