Splunk Dev

splunkd is not running. "failed splunkd.pid doesn't exist"

LMEnterprise
Observer

I have installed Splunk forwarder 9.1.1 on a linux server, but the user and group splunk was unable to be created from the rpm installation. I thought that could have fixed the issue as to why i kept getting an inactive forward-server, but I ended up getting a new error. when i try to restart splunk forwarder, i get the following error:

splunkd is not running. "failed splunkd.pid doesn't exist"

and when i try to have splunk forwarder list the forward-server, I get the following error 3 times:

'tcp_conn_open_afux ossocket_connect failed with no such file or directory'

it still lists my server as an inactive one despite having another splunk forwarder linux host properly connecting to splunk enterprise via ssl connection.

I have also made sure that the listening port (9997) is listened to by splunk. its the same port used by the other linux host to forward logs to

0 Karma

gejimenez
New Member

Hello there, 

I was having the same issue, and it turned out to be a problem with the installation. So, I just did a yum remove splunk* and removed the /opt/splunkforwarder home directory completely.  After, uninstalling and removing the splunk home directory, and I started spunk just fine and I was able to run the add monitor command without any issues. 

I'm running RHEL 8.x and issuing all of these commands via the Linux CLI. Splunk version is 9.1.2. I hope this helps. 

Respectfully. 

Guillermo 

Washington, DC

0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In November, the Splunk Threat Research Team had one release of new security content via the Enterprise ...

Index This | Divide 100 by half. What do you get?

November 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this ...

Stay Connected: Your Guide to December Tech Talks, Office Hours, and Webinars!

❄️ Celebrate the season with our December lineup of Community Office Hours, Tech Talks, and Webinars! ...