- Splunk Answers
- :
- Splunk Administration
- :
- Getting Data In
- :
- Has anyone come across the error "The SplunkForwar...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Has any one come across the following error and if any fix worked without reinstalling the forwarder..?
The SplunkForwarder service on Local
Computer started and then stopped.
Some services stop automatically if
they are not in use by other services
or programs.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
yes, unfortunately the only solution we have found is to reboot the server. We are still looking for a better solution.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
It was a bug, after upgrading to newer version it was fixed.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
which version was this fixed in? It recently occurred on a Windows server with version 7.2.1
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Windows doesn't provide much detail in that error message, so it could be a wide variety of things. If Splunk stopped for some reason other than a bug, there should be information in the Splunk service's log. Most of Splunk's internal logging gets sent to a text file rather than the Windows event log.
Look in C:/Program Files/Splunk/var/log/splunkd.log (slashes reversed so they show up in this editor)
There's a good chance it will have logged an error indicating what went wrong. You may want to move/rename the file and try starting Splunk again so that you have only one startup attempt in the log, making it easier to read.
If Splunk experienced a hard crash, there should be also be a crashdump file in that same folder.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I don't see any logs making entry in splunkd.log.. i think because splunk is not even starting hence there is no logging activity taking place. i was expecting crashdump log but unfortunately i don't even see that..
After researching on web, i don't see the resolutions works for me. as service properties are already mapped with Local System Account. Have sufficient storage available on the drives. Also Event Viewer only shows error for Service Failed. The resolution i strongly feel is to reinstall. but i need to find RCA before i do that..
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
were you able to find the root cause
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You can go to the services.msc from run, and see what user is present for that service that you have created. I believe it should be "Local System Account"
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Yes, its Local System Account
Splunk Custom Visualizations App End of Life
Introducing Splunk Enterprise 9.2
Adoption of RUM and APM at Splunk
