- Community
- :
- Splunk Answers
- :
- Splunk Administration
- :
- Getting Data In
- :
- Unable to start Splunk forwarder
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
Maybe someone here could help me as i have issue on starting the SPLUNK forwarder.
Here's the full error upon trying to start the forwarder
Checking prerequisites...
Management port has been set disabled; cli support for this configuration is currently incomplete.
Checking conf files for typos... Done
All preliminary checks passed.
Starting splunk server daemon (splunkd)...
Error loading logging config file
Timed out waiting for splunkd to start.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
I resolved the issue by commenting JSON lines from log.cfg
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
I resolved the issue by commenting JSON lines from log.cfg
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
You should be able to see more specific errors in /opt/splunk/var/log/splunk/splunkd.log.
Share some of the log if you're not able to determine what the problem is.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
- Could you please share some more information from splunkd.log
- Could be a possibility something is wrong with log.cfg file < PATH: $SPLUNK_HOME/etc/log.cfg >
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
07-08-2019 17:22:55.806 -0500 WARN Logger - $SPLUNK_HOME/etc/log.cfg:263: Pa
rse error at "appender.idata_ResourceUsage.serialization=JSON"
07-08-2019 17:22:55.807 -0500 WARN Logger - $SPLUNK_HOME/etc/log.cfg:273: Pa
rse error at "appender.idata_DiskObjects.serialization=JSON"
07-08-2019 17:25:56.521 -0500 WARN Logger - $SPLUNK_HOME/etc/log.cfg:263: Pa
rse error at "appender.idata_ResourceUsage.serialization=JSON"
07-08-2019 17:25:56.522 -0500 WARN Logger - $SPLUNK_HOME/etc/log.cfg:273: Pa
rse error at "appender.idata_DiskObjects.serialization=JSON"
07-12-2019 07:00:43.255 -0500 WARN Logger - $SPLUNK_HOME/etc/log.cfg:263: Pa
rse error at "appender.idata_ResourceUsage.serialization=JSON"
07-12-2019 07:00:43.255 -0500 WARN Logger - $SPLUNK_HOME/etc/log.cfg:273: Pa
rse error at "appender.idata_DiskObjects.serialization=JSON"
Good news! The event's keynotes and many of its breakout sessions are now available online, and still totally FREE!
Catch Up Now >>
