Splunk Universal Forwarder running in windows. UF ver is 6.2.1
The very last entry in splunkd.log is 10-27-2017 16:19:19.825 -0400 ERROR AdminHandler:ServerControl - forcing shutdown since it did not complete in 360 seconds
When we try to start the service, it goes through the sequence of veryfing ports and configuration everything seems like is going to start then immediately get that the service has stopped.
Nothing gets written to logs except to splunkd-utility.log, when looked at this file I couldn't find anything obvious.
Tried to enable debug pretty much everywhere but again nothing gets written to logs.
Rebooting the windows server where this forwarder is installed seems to resolved the issue but I'm interested in knowing what condition could the forwarder be encountering during startup to cause this behavior.
The messages in splunkd prior to stop are below
10-27-2017 16:13:18.839 -0400 INFO DeployedApplication - Checksum mismatch 12852313919059407491 <> 17817335707338687324 for app=X. Will reload from='deploymentserver:8089/services/streams/deployment?name=default:myapp:myapp_inputs'
10-27-2017 16:13:19.198 -0400 INFO DeployedApplication - Downloaded url=deploymentserver:8089/services/streams/deployment?name=default:myapp:myapp_inputs to file='C:\Program Files\SplunkUniversalForwarder\var\run\myapp\myapp_inputs-1509132847.bundle' sizeKB=10
10-27-2017 16:13:19.214 -0400 INFO DeployedApplication - Installing app=myapp_inputs to='C:\Program Files\SplunkUniversalForwarder\etc\apps\myapp_inputs'
10-27-2017 16:13:19.667 -0400 WARN DC:DeploymentClient - Restarting Splunkd...
10-27-2017 16:13:41.245 -0400 INFO TcpOutputProc - Connected to idx=1.1.1.1:9996 using ACK.
10-27-2017 16:14:12.167 -0400 INFO TcpOutputProc - Closing stream for idx=1.1.1.1:9996
10-27-2017 16:19:19.825 -0400 ERROR AdminHandler:ServerControl - forcing shutdown since it did not complete in 360 seconds
↧