I have installed Splunk forwarder 9.1.1 on a Linux server, but the user and group splunk was unable to be created from the rpm installation. I thought that could have fixed the issue as to why I kept getting an inactive forward-server, but I ended up getting a new error. When I try to restart Splunk forwarder, I get the following error:
splunkd is not running. "failed splunkd.pid doesn't exist"
And when I try to have Splunk forwarder list the forward-server, I get the following error 3 times:
'tcp_conn_open_afux ossocket_connect failed with no such file or directory'
It still lists my server as an inactive one despite having another Splunk forwarder Linux host properly connecting to Splunk Enterprise via SSL connection.
I have also made sure that the listening port (9997) is listened to by Splunk. It's the same port used by the other Linux host to forward logs to
Hello there,
I was having the same issue, and it turned out to be a problem with the installation. So, I just did a yum remove splunk* and removed the /opt/splunkforwarder home directory completely. After uninstalling and removing the Splunk home directory, I started Splunk just fine and I was able to run the add monitor command without any issues.
I'm running RHEL 8.x and issuing all of these commands via the Linux CLI. Splunk version is 9.1.2. I hope this helps.
Respectfully.
Guillermo
Washington, DC
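
Before removing and reinstalling the package, it can help to record which of the two symptoms in this thread is actually present: a missing or stale splunkd.pid, or a Splunk home directory whose owning account does not exist. The script below is an added example, not part of either post and not Splunk tooling. The function names are hypothetical, and it assumes the default /opt/splunkforwarder layout, a pid file at var/run/splunk/splunkd.pid whose first line is the main splunkd PID, and GNU stat and getent as found on RHEL.

```shell
#!/usr/bin/env bash
# Added example (not Splunk tooling). Default paths assume a stock RPM install.

# Report who owns SPLUNK_HOME and whether that UID maps to a real account.
check_owner() {
    local home="${1:-/opt/splunkforwarder}" uid
    [ -d "$home" ] || { echo "MISSING_HOME $home"; return 2; }
    uid=$(stat -c '%u' "$home")
    if getent passwd "$uid" >/dev/null 2>&1; then
        echo "OWNER_OK uid=$uid"
    else
        # Files are owned by a UID that has no passwd entry.
        echo "ORPHAN_OWNER uid=$uid"
        return 1
    fi
}

# Classify the pid file state behind "splunkd.pid doesn't exist".
check_pid() {
    local home="${1:-/opt/splunkforwarder}"
    local pidfile="$home/var/run/splunk/splunkd.pid" pid=""
    if [ ! -f "$pidfile" ]; then
        echo "NO_PIDFILE $pidfile"
        return 1
    fi
    # Assumption: the first line of the file is the main splunkd PID.
    read -r pid < "$pidfile" || true
    case "$pid" in
        ''|*[!0-9]*) echo "BAD_PIDFILE $pidfile"; return 3 ;;
    esac
    # kill -0 fails with EPERM for another user's process, so also check /proc.
    if kill -0 "$pid" 2>/dev/null || [ -d "/proc/$pid" ]; then
        echo "RUNNING pid=$pid"
    else
        echo "STALE_PID pid=$pid"
        return 2
    fi
}

# Usage: check_owner /opt/splunkforwarder; check_pid /opt/splunkforwarder
```

A NO_PIDFILE or STALE_PID result together with ORPHAN_OWNER points at the installation itself rather than at the receiving side on port 9997.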