Monitoring Splunk

How to resolve universalforwarder 8.1.3 aix disconnected error?

haruban36
Explorer

Splunk Enterprise 8.1.3
I installed splunkforwarder-8.1.3-63079c59e632-AIX-powerpc.

There was a problem with the universalforwarder connection being disconnected, so I restarted it.
However, even after restarting, the connection was lost after a certain period of time.

I am attaching the last 10 lines of splunkd log before disconnection.
Check the logs below for further confirmation.

===============================================================================

03-29-2023 05:00:28.927 +0900 WARN X509Verify - X509 certificate (O=SplunkUser,CN=SplunkServerDefaultCert) should not be used, as it is issued by Splunk's own default Certificate Authority (CA). This puts your Splunk instance at very high-risk of the MITM attack. Either commercial-CA-signed or self-CA-signed certificates must be used; see: <http://docs.splunk.com/Documentation/Splunk/latest/Security/Howtoself-signcertificates>
03-29-2023 05:00:28.938 +0900 INFO ArchiveProcessor - Handling file=/LOG/tux/CLOG.032723.Z
03-29-2023 05:00:28.942 +0900 INFO ArchiveProcessor - reading path=/LOG/tux/CLOG.032723.Z (seek=0 len=113564693)
03-29-2023 05:00:29.027 +0900 INFO UiHttpListener - Web UI disabled in web.conf [settings]; not starting
03-29-2023 05:00:29.097 +0900 INFO WatchedFile - Will begin reading at offset=13491182 for file='/LOG/tux/CLOG.032923'.
03-29-2023 05:00:29.250 +0900 ERROR ProcessRunner - child's last words: cannot find portable_pid_t 9372426 in _pidToUniqMap
03-29-2023 05:00:29.252 +0900 FATAL ProcessRunner - Unexpected EOF from process runner child!
03-29-2023 05:00:29.299 +0900 ERROR ProcessRunner - helper process seems to have died (child exited with code 255)!
03-29-2023 05:00:29.299 +0900 ERROR ExecProcessor - Exception attempting to setup event loop
03-29-2023 05:00:29.299 +0900 ERROR ExecProcessor - child's last words: cannot find portable_pid_t 9372426 in _pidToUniqMap

Labels (3)
0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In September, the Splunk Threat Research Team had two releases of new security content via the Enterprise ...

New in Observability - Improvements to Custom Metrics SLOs, Log Observer Connect & ...

The latest enhancements to the Splunk observability portfolio deliver improved SLO management accuracy, better ...

Improve Data Pipelines Using Splunk Data Management

  Register Now   This Tech Talk will explore the pipeline management offerings Edge Processor and Ingest ...