Monitoring Splunk

How to resolve universalforwarder 8.1.3 aix 7.1, 7.2 software program error log?

haruban36
Explorer

Splunk Enterprise 8.1.3
I installed splunkforwarder-8.1.3-63079c59e632-AIX-powerpc.

The error message comes from the AIX OS.

When entering the "errpt" command, the following error message is displayed.

Check the messages below for further confirmation.


=====================================================================

LABEL: SRC_TRYX
IDENTIFIER: 1BA7DF4E

Date/Time: Wed Apr 5 05:00:32 KORST 2023
Sequence Number: 3589
Machine Id: 00CEC3474C00
Node Id: mgl888
Class: S
Type: PERM
WPAR: Global
Resource Name: SRC

Description
SOFTWARE PROGRAM ERROR

Probable Causes
APPLICATION PROGRAM

Failure Causes
SOFTWARE PROGRAM

Recommended Actions
DETERMINE WHY SUBSYSTEM CANNOT RESTART

Detail Data
SYMPTOM CODE
2048
SOFTWARE ERROR CODE
-9020
ERROR CODE
0
DETECTING MODULE
'srchevn.c'@line:'369'
FAILING MODULE
splunkd

1 Solution

gcusello
SplunkTrust

Hi @haruban36,

All the times I had to install Splunk UF on AIX I encountered problems.

The only way is to open a case with Splunk Support.

In the meantime, what is your AIX version?

Ciao.

Giuseppe


haruban36
Explorer

Hi @gcusello!
AIX version is 7.1.

Excuse me, I have one more question.
On the server where the message originated, there was also a problem with UF disconnection.
So I restarted it, but the problem occurred again.
Should I open a case on this issue as well?

The following error log is displayed.

Check the logs below for further confirmation.



Thank you very much for your response!

========================================================================
03-29-2023 05:00:29.097 +0900 INFO WatchedFile - Will begin reading at offset=13491182 for file='/LOG/tux/CLOG.032923'.
03-29-2023 05:00:29.250 +0900 ERROR ProcessRunner - child's last words: cannot find portable_pid_t 9372426 in _pidToUniqMap
03-29-2023 05:00:29.252 +0900 FATAL ProcessRunner - Unexpected EOF from process runner child!
03-29-2023 05:00:29.299 +0900 ERROR ProcessRunner - helper process seems to have died (child exited with code 255)!
03-29-2023 05:00:29.299 +0900 ERROR ExecProcessor - Exception attempting to setup event loop
03-29-2023 05:00:29.299 +0900 ERROR ExecProcessor - child's last words: cannot find portable_pid_t 9372426 in _pidToUniqMap


gcusello
SplunkTrust

Hi @haruban36,

The main problem I encountered on AIX was during Splunk shutdown, which remained frozen, and I had to manually kill the process.

I opened a case with Splunk Support for this.

Ciao.

Giuseppe
