Monitoring Splunk

How to resolve universalforwarder 8.1.3 aix 7.1, 7.2 software program error log?

haruban36
Explorer

Splunk Enterprise 8.1.3
I installed splunkforwarder-8.1.3-63079c59e632-AIX-powerpc.

The error message comes from the AIX OS.

When entering the "errpt" command, the following error message is displayed.

Check the messages below for further confirmation.


=====================================================================

LABEL: SRC_TRYX
IDENTIFIER: 1BA7DF4E

Date/Time: Wed Apr 5 05:00:32 KORST 2023
Sequence Number: 3589
Machine Id: 00CEC3474C00
Node Id: mgl888
Class: S
Type: PERM
WPAR: Global
Resource Name: SRC

Description
SOFTWARE PROGRAM ERROR

Probable Causes
APPLICATION PROGRAM

Failure Causes
SOFTWARE PROGRAM

Recommended Actions
DETERMINE WHY SUBSYSTEM CANNOT RESTART

Detail Data
SYMPTOM CODE
2048
SOFTWARE ERROR CODE
-9020
ERROR CODE
0
DETECTING MODULE
'srchevn.c'@line:'369'
FAILING MODULE
splunkd

0 Karma
1 Solution

gcusello
SplunkTrust

Hi @haruban36,

All the times I had to install Splunk UF on AIX, I encountered problems.

The only way is to open a case to Splunk Support.

In the meantime, what is your AIX version?

Ciao.

Giuseppe


haruban36
Explorer

Hi @gcusello!
AIX version is 7.1

Excuse me, I have one more question.
On the server where the message originated, there was also a problem with UF disconnection.
So I restarted it, but the problem occurred again.
Should I open a case on this issue as well?

The following error log is displayed.

Check the logs below for further confirmation.



Thank you very much for your response!

========================================================================
03-29-2023 05:00:29.097 +0900 INFO WatchedFile - Will begin reading at offset=13491182 for file='/LOG/tux/CLOG.032923'.
03-29-2023 05:00:29.250 +0900 ERROR ProcessRunner - child's last words: cannot find portable_pid_t 9372426 in _pidToUniqMap
03-29-2023 05:00:29.252 +0900 FATAL ProcessRunner - Unexpected EOF from process runner child!
03-29-2023 05:00:29.299 +0900 ERROR ProcessRunner - helper process seems to have died (child exited with code 255)!
03-29-2023 05:00:29.299 +0900 ERROR ExecProcessor - Exception attempting to setup event loop
03-29-2023 05:00:29.299 +0900 ERROR ExecProcessor - child's last words: cannot find portable_pid_t 9372426 in _pidToUniqMap

0 Karma

gcusello
SplunkTrust

Hi @haruban36,

The main problem I encountered on AIX was during Splunk shutdown, which remained frozen, and I had to manually kill the process.

I opened a case with Splunk support for this.

Ciao.

Giuseppe

