I apologize if this is too brief, but I want to provide the information I know first.
I have a working Splunk environment currently, which has been running for years without issue. I noticed, however, that when I rolled out a new CentOS 7 box (the previous ones are Cent 6), the packages all install correctly and everything works (Splunkd starts but it has not been configured yet).
./splunk set deploy-poll myserver.domain.com:8089 -auth admin:*******
After setting up my deploy server (same as I have on every other server), I can see the connections established as expected. Splunk does indeed pull down configs, but then ~5-10 minutes later Splunk crashes.
From this point on, at start I get the following error:
Invalid key in stanza [tcpout] in /opt/splunkforwarder/etc/apps/XX/default/outputs.conf, line 4: isLoadBalanced (value: False).
Your indexes and inputs configurations are not internally consistent. For more information, run 'splunk btool check --debug'
I have looked at the crash logs (as from this point Splunk will start but immediately crash), and the logs point to the IndexerPipe, but my base question is: are there known obvious caveats to consider when installing a config I have used on C6 servers on C7 servers? Because if there are, rather than try to work backwards through tons of errors that do not seem to make any sense, I should rule out the obvious stuff first.
I have been searching this site, as well as the greater internet, for any mention of the issue I am having, but have found a lot of stuff that does not really match what I am seeing, so I am hoping someone has an idea what this can be and can give me a fresh lead to run down.
Note: just to rule it out, I did disable SELinux to confirm the behavior remains the same.