Splunk Search

Splunk universal forwarder crashes frequently- What is causing these errors?

lawrence_magpoc
Explorer

After upgrading our universal forwarder to 9.0.1, it started crashing almost everyday. I looked at the splunkd.log and saw these errors:

11-09-2022 10:48:18.422 -0500 ERROR TcpOutputQ [25141 TcpOutEloop] - Unexpected event id=5669
11-09-2022 10:48:18.422 -0500 ERROR TcpOutputQ [25141 TcpOutEloop] - Unexpected event id=5669
11-09-2022 10:48:18.423 -0500 ERROR TcpOutputQ [25141 TcpOutEloop] - Unexpected event id=5670
11-09-2022 10:48:18.423 -0500 ERROR TcpOutputQ [25141 TcpOutEloop] - Unexpected event id=5670
11-09-2022 10:48:18.429 -0500 ERROR TcpOutputQ [25141 TcpOutEloop] - Unexpected event id=5677
11-09-2022 10:48:18.429 -0500 ERROR TcpOutputQ [25141 TcpOutEloop] - Unexpected event id=5677

How do I know what's causing these errors?

Labels (1)
Tags (2)
0 Karma
1 Solution

lawrence_magpoc
Explorer

I fixed the problem by adding this to my config:

autoBatch=false

I got the solution from this thread:
https://community.splunk.com/t5/Getting-Data-In/Why-this-error-after-upgrade-to-9-0-quot-ERROR-TcpOu...

View solution in original post

lawrence_magpoc
Explorer

I fixed the problem by adding this to my config:

autoBatch=false

I got the solution from this thread:
https://community.splunk.com/t5/Getting-Data-In/Why-this-error-after-upgrade-to-9-0-quot-ERROR-TcpOu...

richgalloway
SplunkTrust
SplunkTrust

Consider contacting Splunk Support for help with that.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Get Updates on the Splunk Community!

Infographic provides the TL;DR for the 2023 Splunk Career Impact Report

We’ve been shouting it from the rooftops! The findings from the 2023 Splunk Career Impact Report showing that ...

Splunk Lantern | Getting Started with Edge Processor, Machine Learning Toolkit ...

Splunk Lantern is Splunk’s customer success center that provides advice from Splunk experts on valuable data ...

Enterprise Security Content Update (ESCU) | New Releases

In the last month, the Splunk Threat Research Team (STRT) has had 2 releases of new security content via the ...