Hello,
We've installed a linux UF on a supported distribution. Done this on multiple machines but facing an issue on a single server. The forwarder fails to start with the following error:
./splunk start
Starting Splunk...
Splunk> All batbelt. No tights.
Checking prerequisites...
Checking mgmt port [8089]: open
Checking conf files for problems...
Done
Checking default conf files for edits...
Validating installed files against hashes from '/opt/splunkforwarder/splunkforwarder-8.2.0-e053ef3c985f-linux-2.6-x86_64-manifest'
All installed files intact
Done
All preliminary checks passed.
Starting Splunk server daemon (splunkd)...
ERROR: pid 90702 terminated with signal 4
Done [ OK ]
Tried installing it as a daemon as well. It doesn't report any error but the service fails to start. When starting directly from the bin folder, get the above error.
Any helpful pointers here please?
Thanks.
Regards,
Hi @SRG9 ,
Thank you for your input however it was not the case.
The splunkd service was being terminated by a dynatrace agent installed on the machine. Apparently dynatrace agent (liboneagentproc.so) injects itself to check any service which is being initiated and was terminating the splunk process with an illegal opcode error.
Removing the dynatrace agent solved the issue in our case. However, it would've been ideal if both the solutions could coexist on the same host.
I am not sure if below solution works ,
can you rename the splunkd.pid to splunkd.pid_old present in following location and start the splunk?.
/opt/splunkforwarder/var/run/splunk/
Hi @SRG9 ,
Thank you for your input however it was not the case.
The splunkd service was being terminated by a dynatrace agent installed on the machine. Apparently dynatrace agent (liboneagentproc.so) injects itself to check any service which is being initiated and was terminating the splunk process with an illegal opcode error.
Removing the dynatrace agent solved the issue in our case. However, it would've been ideal if both the solutions could coexist on the same host.
I had similar issue, I have applied below config and was able to start Splunk:
$SPLUNK_HOME/etc/system/local/server.conf
[watchdog]
usePreloadedPstacks = false
There is also information on Dynatrace website about Splunk 8.2.
There is no workaround yet.