Monitoring Splunk

How to resolve universalforwarder 8.1.3 aix 7.1, 7.2 software program error log?

haruban36
Explorer

Splunk Enterprise 8.1.3
I installed splunkforwarder-8.1.3-63079c59e632-AIX-powerpc.

The error message comes from AIX os.

When entering the "errpt" command, the following error message is displayed.

Check the messages below for further confirmation.


=====================================================================

LABEL: SRC_TRYX
IDENTIFIER: 1BA7DF4E

Date/Time: Wed Apr 5 05:00:32 KORST 2023
Sequence Number: 3589
Machine Id: 00CEC3474C00
Node Id: mgl888
Class: S
Type: PERM
WPAR: Global
Resource Name: SRC

Description
SOFTWARE PROGRAM ERROR

Probable Causes
APPLICATION PROGRAM

Failure Causes
SOFTWARE PROGRAM

Recommended Actions
DETERMINE WHY SUBSYSTEM CANNOT RESTART

Detail Data
SYMPTOM CODE
2048
SOFTWARE ERROR CODE
-9020
ERROR CODE
0
DETECTING MODULE
'srchevn.c'@line:'369'
FAILING MODULE
splunkd

Labels (3)
0 Karma
1 Solution

gcusello
SplunkTrust
SplunkTrust

Hi @haruban36,

all the times I hsd to install Splunk UF on AIX I encountered problems.

The only way is to open a case to Splunk Support.

In the meantime, what is your AIX version?

Ciao.

Giuseppe

View solution in original post

haruban36
Explorer

Hi @gcusello!
Aix version is 7.1

excuse me, I have one more question.
server where the message originated There was also a problem with UF disconnection.
So I restarted it, but the problem occurred again.
Should I open a case on this issue as well?

the following error log is displayed.

Check the logs below for further confirmation.



thank you very much for your response!

========================================================================
03-29-2023 05:00:29.097 +0900 INFO WatchedFile - Will begin reading at offset=13491182 for file='/LOG/tux/CLOG.032923'.
03-29-2023 05:00:29.250 +0900 ERROR ProcessRunner - child's last words: cannot find portable_pid_t 9372426 in _pidToUniqMap
03-29-2023 05:00:29.252 +0900 FATAL ProcessRunner - Unexpected EOF from process runner child!
03-29-2023 05:00:29.299 +0900 ERROR ProcessRunner - helper process seems to have died (child exited with code 255)!
03-29-2023 05:00:29.299 +0900 ERROR ExecProcessor - Exception attempting to setup event loop
03-29-2023 05:00:29.299 +0900 ERROR ExecProcessor - child's last words: cannot find portable_pid_t 9372426 in _pidToUniqMap

0 Karma

gcusello
SplunkTrust
SplunkTrust

Hi @haruban36,

the main problem I encountered on AIX was during Splunk shoutdown that remained freezed and I had to manually kill the process.

i opened a case to Splunk support for this.

Ciao.

Giuseppe

gcusello
SplunkTrust
SplunkTrust

Hi @haruban36,

all the times I hsd to install Splunk UF on AIX I encountered problems.

The only way is to open a case to Splunk Support.

In the meantime, what is your AIX version?

Ciao.

Giuseppe

Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...