Solved: Splunk universal forwarder crashes frequently- Wha...

lawrence_magpoc · ‎11-09-2022

After upgrading our universal forwarder to 9.0.1, it started crashing almost everyday. I looked at the splunkd.log and saw these errors:

11-09-2022 10:48:18.422 -0500 ERROR TcpOutputQ [25141 TcpOutEloop] - Unexpected event id=5669
11-09-2022 10:48:18.422 -0500 ERROR TcpOutputQ [25141 TcpOutEloop] - Unexpected event id=5669
11-09-2022 10:48:18.423 -0500 ERROR TcpOutputQ [25141 TcpOutEloop] - Unexpected event id=5670
11-09-2022 10:48:18.423 -0500 ERROR TcpOutputQ [25141 TcpOutEloop] - Unexpected event id=5670
11-09-2022 10:48:18.429 -0500 ERROR TcpOutputQ [25141 TcpOutEloop] - Unexpected event id=5677
11-09-2022 10:48:18.429 -0500 ERROR TcpOutputQ [25141 TcpOutEloop] - Unexpected event id=5677

How do I know what's causing these errors?

lawrence_magpoc · ‎04-28-2023

I fixed the problem by adding this to my config:

autoBatch=false

I got the solution from this thread:
https://community.splunk.com/t5/Getting-Data-In/Why-this-error-after-upgrade-to-9-0-quot-ERROR-TcpOu...

View solution in original post

lawrence_magpoc · ‎04-28-2023

I fixed the problem by adding this to my config:

autoBatch=false

I got the solution from this thread:
https://community.splunk.com/t5/Getting-Data-In/Why-this-error-after-upgrade-to-9-0-quot-ERROR-TcpOu...

richgalloway · ‎11-14-2022

Consider contacting Splunk Support for help with that.

---
If this reply helps you, Karma would be appreciated.

Splunk universal forwarder crashes frequently- What is causing these errors?

other

Observability Unveiled: Navigating OpenTelemetry's Framework and Deployment Options

Observability | How to Think About Instrumentation Overhead (White Paper)

Cloud Platform | Get Resiliency in the Cloud Event (Register Now!)