×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
lackey
Explorer
Member since: ‎03-05-2025
‎04-08-2025
Community Statistics
Posts 4
Solutions 1
Karma Given 1
Karma Received 3
Member Since ‎03-05-2025
Activity Feed
Topics I've Started
No posts to display.
View All

Re: Splunkforwarder Startup Error in Docker contai...

by in Getting Data In
‎04-08-2025 09:02 AM
‎04-08-2025 09:02 AM
I worked with Splunk Support and it turns out there is a known issue (a regression with one of their python libs). You can work around this by setting the environment variable ENABLE_TCP_MODE to true either at the docker run command line (-e ENABLE_TCP_MODE=true) or in your compose file (be sure if using list context to leave true unquoted). ... View more

Re: Splunkforwarder Startup Error in Docker contai...

by in Getting Data In
‎03-05-2025 01:19 PM
1 Karma
‎03-05-2025 01:19 PM
1 Karma
To clarify, my container has a restart policy of "unless-stopped", so when the container exits after the failed ansible task, docker is restarting it. If you run it without that policy, it will run one, fail the ansible task, and exit. ... View more

Re: Splunkforwarder Startup Error in Docker contai...

by in Getting Data In
‎03-05-2025 12:36 PM
2 Karma
‎03-05-2025 12:36 PM
2 Karma
It looks like the container is continually restarting. It fails that last task, aborts, and the container restarts. Splunk UF does start up as I see logs from the container in my lab's _internal index. This looks to have changed ~7 days ago. This appears to be a broken image. Tags latest, 9.4, 9.3, 9.2, etc. Tag 9.3.2 from 4 months ago works as expected. https://hub.docker.com/r/splunk/universalforwarder/tags ... View more

Re: Splunkforwarder Startup Error in Docker contai...

by in Getting Data In
‎03-05-2025 12:07 PM
‎03-05-2025 12:07 PM
I think you missed the part @kiran_panchavat where @samuel-devops said splunk is up running fine. For what it's worth, I've experienced the same thing with tags latest/9.4, 9.3, and 9.2. That last task (check_for_required_restarts) fails, but everything seems to start up fine. I will point out that this is new behavior. tag 9.3.2 for example is 4 months old and finishes it's ansible "init" as expected. ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎04-08-2025 08:55 AM
Karma from
View All
Karma given to
View All