Re: ERROR TcpOutputProc - Illegal format for confi...

muebel · ‎04-22-2016

I'm finding the otherwise unimpactful messages :

ERROR TcpOutputProc - Illegal format for config item 'uri'

showing up in splunkd.log. I'm guessing this has something to do with a configuration stanza name problem, but it is a pretty vague message, and I'm hoping somebody could offer advice concerning the origin and purpose of this event. Thanks!

eagle4splunk · ‎09-06-2018

Just ran into this issue and found that it was caused by a malformed list of servers in outputs.conf

puma_splunk · ‎02-05-2017

In my case (splunkforwarder-6.3.3-f44afce176d0-linux-2.6-x86_64.rpm), this error seems to have been caused by comments within inputs.conf:

[tcpout]
defaultGroup=Production
disabled=false

[tcpout:Production]
#server= 172.19.94.77:9997  # Model
server= 172.19.94.19:9997   # splunk-delphi.blah.com

Pruning all the comments and restarting splunkd seems to have fixed it. Bad parser?

bosburn_splunk · ‎04-22-2016

Muebel - can you check the pass4SymmKey in the forwarders outputs.conf and the pass4SymmKey in the [indexer_discovery] stanza in the server.conf of the cluster master?

ChrisG · ‎04-22-2016

Also: Support requests that you open a case on this one, so they can get a bug (or bugs) assigned to engineering, or attach the case to existing defect tickets.

ERROR TcpOutputProc - Illegal format for config item 'uri' What does it mean?

Enhance Security Visibility with Splunk Enterprise Security 7.1 through Threat ...

Troubleshooting the OpenTelemetry Collector

Adoption of Infrastructure Monitoring at Splunk