×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
batchenr
New Member
Member since: ‎11-19-2020
‎12-05-2020
Community Statistics
Posts 3
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎11-19-2020
View All

Re: splunkforwarder-8.1.0 New installation on Ubun...

by in Installation
‎12-05-2020 09:26 AM
‎12-05-2020 09:26 AM
Problem was splunk server having its own firewall so we needed to add ip there. thanks ... View more

Re: splunkforwarder-8.1.0 New installation on Ubun...

by in Installation
‎11-23-2020 01:32 AM
‎11-23-2020 01:32 AM
What do you mean "the .tgz installer." any links to that or a guide please? i did the chown -R  with user splunk  and boot-enable I see in the logs : 11-23-2020 09:27:13.491 +0000 INFO ScheduledViewsReaper - Scheduled views reaper run complete. Reaped count=0 scheduled views 11-23-2020 09:27:13.491 +0000 INFO CascadingReplicationManager - Using value for property max_replication_threads=2. 11-23-2020 09:27:13.491 +0000 INFO CascadingReplicationManager - Using value for property max_replication_jobs=5. 11-23-2020 09:27:13.514 +0000 INFO TcpOutputProc - Removing quarantine from idx=X.X.X.X:9997 11-23-2020 09:27:13.514 +0000 WARN TcpOutputFd - Connect to X.X.X.X:9997 failed. No route to host 11-23-2020 09:27:13.514 +0000 ERROR TcpOutputFd - Connection to host=X.X.X.X:9997 failed 11-23-2020 09:27:13.515 +0000 WARN TcpOutputFd - Connect to X.X.X.X:9997 failed. No route to host 11-23-2020 09:27:13.515 +0000 ERROR TcpOutputFd - Connection to host=X.X.X.X:9997 failed 11-23-2020 09:27:13.515 +0000 WARN TcpOutputProc - Applying quarantine to ip=X.X.X.X port=9997 _numberOfFailures=2   I cant make it start and FW is ok. we have checked i think i, installing it wrong and all guides are the same.. i need some guide.   also i don't know how to open a ticket. ============================== Full seconds iinstall from tgz same results: tar xvzf splunkforwarder-8.1.0-f57c09e87251-Linux-x86_64.tgz -C /opt chown -R splunk:splunk /opt/splunkforwarder/ /opt/splunkforwarder/bin/splunk enable boot-start -systemd-managed 0 --accept-license --answer-yes --no-prompt --seed-passwd XXX ./splunk start   Splunk> Australian for grep.   Checking prerequisites...         Checking mgmt port [8089]: open                 Creating: /opt/splunkforwarder/var/lib/splunk                 Creating: /opt/splunkforwarder/var/run/splunk                 Creating: /opt/splunkforwarder/var/run/splunk/appserver/i18n                 Creating: /opt/splunkforwarder/var/run/splunk/appserver/modules/static/css                 Creating: /opt/splunkforwarder/var/run/splunk/upload                 Creating: /opt/splunkforwarder/var/run/splunk/search_telemetry                 Creating: /opt/splunkforwarder/var/spool/splunk                 Creating: /opt/splunkforwarder/var/spool/dirmoncache                 Creating: /opt/splunkforwarder/var/lib/splunk/authDb                 Creating: /opt/splunkforwarder/var/lib/splunk/hashDb New certs have been generated in '/opt/splunkforwarder/etc/auth'.         Checking conf files for problems...         Done         Checking default conf files for edits...         Validating installed files against hashes from '/opt/splunkforwarder/splunkforwarder-8.1.0-f57c09e87251-linux-2.6-x86_64-manifest'         All installed files intact.         Done All preliminary checks passed.   Starting splunk server daemon (splunkd)... Done   Same error with logs: 11-23-2020 10:24:40.031 +0000 WARN  TcpOutputFd - Connect toX.X.X.X10:9997 failed. No route to host ... View more

splunkforwarder-8.1.0 New installation on Ubuntu18...

by in Installation
‎11-19-2020 04:27 AM
‎11-19-2020 04:27 AM
Hey,   I have just download and try to install  splunkforwarder but it gives me an error: #download package like this:     wget -O splunkforwarder-8.1.0-f57c09e87251-linux-2.6-amd64.deb 'https://www.splunk.com/bin/splunk/DownloadActivityServlet?architecture=x86_64&platform=linux&version=8.1.0&product=universalforwarder&filename=splunkforwarder-8.1.0-f57c09e87251-linux-2.6-amd64.deb&wget=true' dpkg -i splunkforwarder-8.1.0-f57c09e87251-linux-2.6-amd64.deb (Reading database ... 118207 files and directories currently installed.) Preparing to unpack splunkforwarder-8.1.0-f57c09e87251-linux-2.6-amd64.deb ... This looks like an upgrade of an existing Splunk Server. Attempting to stop the installed Splunk Server... splunkd is not running. Unpacking splunkforwarder (8.1.0) over (8.1.0) ... Setting up splunkforwarder (8.1.0) ... cp: cannot stat '/opt/splunkforwarder/etc/regid.2001-12.com.splunk-UniversalForwarder.swidtag': No such file or directory complete     machine info :     DISTRIB_ID=Ubuntu DISTRIB_RELEASE=18.04 DISTRIB_CODENAME=bionic DISTRIB_DESCRIPTION="Ubuntu 18.04.2 LTS" NAME="Ubuntu" VERSION="18.04.2 LTS (Bionic Beaver)" ID=ubuntu ID_LIKE=debian PRETTY_NAME="Ubuntu 18.04.2 LTS" VERSION_ID="18.04" HOME_URL="https://www.ubuntu.com/" SUPPORT_URL="https://help.ubuntu.com/" BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/" PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy" VERSION_CODENAME=bionic UBUNTU_CODENAME=bionic     What should i do ?   ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
‎12-05-2020 12:47 PM