I had deleted a rouge log file which had become too large and caused the root partition to fill up. The log file has since been regenerated by the application and is now no longer shipping to spunk.
I have tried to "splunk restart -auth USER:PASSWORD" but receive the bellow error.
splunkd is not running.
Splunk> Like an F-18, bro.
Checking mgmt port : open
Checking conf files for problems...
Invalid key in stanza [tcpout:splunkcloud] in /opt/splunkforwarder/etc/apps/100_splunkcloud/default/outputs.conf, line 16: cipherSuite ( REMOVED).
Your indexes and inputs configurations are not internally consistent. For more information, run 'splunk btool check --debug'
Checking default conf files for edits...
Validating installed files against hashes from '/opt/splunkforwarder/splunkforwarder-6.4.1-debde650d26e-linux-2.6-x86_64-manifest'
All installed files intact.
All preliminary checks passed.
Starting splunk server daemon (splunkd)...
Bad Option -a
Usage: splunkd [OPTION...]
--nodaemon causes the system not to daemonize
-c STRING override the config path
-h no longer supported
-i no longer supported
-n STRING the component name to start with
-p INT the management port Splunkd will listen on
--debug start with debug log config
-?, --help Show this help message
--usage Display brief usage message
05-03-2019 05:51:16.268 +0000 ERROR TailReader - File will not be read, seekptr checksum did not match (file=/home/jenkins/consolidation.log). Last time we saw this initcrc, filename was different. You may wish to use larger initCrcLen for this sourcetype, or a CRC salt on this source. Consult the documentation or file a support case online at http://www.splunk.com/page/submit_issue for more info.
... View more