Hi,
I am setting up a Splunk universal forwarder by pulling the universalforwarder docker image from docker-hub and as part of docker run command I also add forward-server like below:
docker run -e SPLUNK_START_ARGS="--accept-license --answer-yes --no-prompt" -e SPLUNK_ADD="monitor , forward-server $INDEXER:$PORT " splunk/universalforwarder:latest
This works fine first time, however, if I restart the docker container, it tries to add the forward-server again and throws the below exception
"TCPOut - forwarded-server already present" in the splunkd.log
I tried -e "SPLUNK_FORWARD_SERVER" but it didn't add the forward-server at all.
This seems to me like an idempotency issue where the splunk-ansible should not have tried to add again when the forward-server already exist.
Any help or thoughts appreciated.
Thanks,
Chinmaya
... View more