Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Splunk universal forwarder crashes frequently- What is causing these errors?

lawrence_magpoc
Path Finder
‎11-09-2022 09:07 AM

After upgrading our universal forwarder to 9.0.1, it started crashing almost everyday. I looked at the splunkd.log and saw these errors:

11-09-2022 10:48:18.422 -0500 ERROR TcpOutputQ [25141 TcpOutEloop] - Unexpected event id=5669
11-09-2022 10:48:18.422 -0500 ERROR TcpOutputQ [25141 TcpOutEloop] - Unexpected event id=5669
11-09-2022 10:48:18.423 -0500 ERROR TcpOutputQ [25141 TcpOutEloop] - Unexpected event id=5670
11-09-2022 10:48:18.423 -0500 ERROR TcpOutputQ [25141 TcpOutEloop] - Unexpected event id=5670
11-09-2022 10:48:18.429 -0500 ERROR TcpOutputQ [25141 TcpOutEloop] - Unexpected event id=5677
11-09-2022 10:48:18.429 -0500 ERROR TcpOutputQ [25141 TcpOutEloop] - Unexpected event id=5677

How do I know what's causing these errors?

Tags (2)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

lawrence_magpoc
Path Finder
‎04-28-2023 10:25 AM

I fixed the problem by adding this to my config:

autoBatch=false

I got the solution from this thread:
https://community.splunk.com/t5/Getting-Data-In/Why-this-error-after-upgrade-to-9-0-quot-ERROR-TcpOu...

View solution in original post

Reply
Solved! Jump to solution
Solution

lawrence_magpoc
Path Finder
‎04-28-2023 10:25 AM

I fixed the problem by adding this to my config:

autoBatch=false

I got the solution from this thread:
https://community.splunk.com/t5/Getting-Data-In/Why-this-error-after-upgrade-to-9-0-quot-ERROR-TcpOu...

Reply
Solved! Jump to solution

anandhalagaras1
Contributor
‎02-08-2024 04:09 AM

 

@lawrence_magpoc ,

I am running with Splunk Universal Forwarder 9.0.2 in one of my Linux client machine and recently for the past couple of days i am getting this events in the internal logs and it seems like its getting crashed and once again the service is getting started automatically.

[build 17e00c557dc12024-02-08 05:26:15 Received fatal signal 6 (Abortedon PID 1908113. Cause: Signal sent by PID 1908113 running under UID 9991. Crashing thread: TcpOutEloop Registers: RIP: [0x00007F65EB39AACFgsignal + 271 (libc.so.6 + 0x4EACF)

 

ERROR TcpOutputQ [1908232 TcpOutEloop- Unexpected event id=30

ERROR TcpOutputQ [1908232 TcpOutEloop] - Unexpected event id=29

 

So how to fix this issue and also in which config file we need to add in the client machine where UF is running.

autoBatch=false

 

0 Karma
Reply
Solved! Jump to solution

richgalloway
SplunkTrust
SplunkTrust
‎11-14-2022 01:35 PM

Consider contacting Splunk Support for help with that.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Get Updates on the Splunk Community!

The All New Performance Insights for Splunk

Splunk gives you amazing tools to analyze system data and make business-critical decisions, react to issues, ...

Good Sourcetype Naming

When it comes to getting data in, one of the earliest decisions made is what to use as a sourcetype. Often, ...

See your relevant APM services, dashboards, and alerts in one place with the updated ...

As a Splunk Observability user, you have a lot of data you have to manage, prioritize, and troubleshoot on a ...