Getting Data In

WARN TcpOutputProc - Forwarding to indexer group proidx blocked for 249600 seconds. in splunkd.log?

pavanae
Builder

After configuring everything, I wasn't able to index the data. While checking splunkd.log, I could see the following warnings occurring repeatedly:

01-11-2016 14:46:25.760 -0500 WARN TcpOutputProc - Cooked connection to ip=10.200.32.13:9997 timed out
01-11-2016 14:46:38.951 -0500 WARN TcpOutputProc - Forwarding to indexer group proidx blocked for 249600 seconds.

What does that mean? How can I index the data successfully?

1 Solution

jbsplunk
Splunk Employee
Cooked connection to ip=10.200.32.13:9997 timed out

Means that a SYN has been sent to establish a tcp connection, but no ACK was received in response to the SYN. This could be due to network trouble, a firewall, router, switch, or other general connectivity problem.

I would first check to ensure that 10.200.32.13 is actually listening on port 9997 via a tool like netstat.

If it is, I'd suggest manually connecting via telnet or netcat to the port from the forwarding box. Chances are this won't be successful, so then you'd need to examine the infrastructure via a network capture using a tool like tcpdump to validate that the data is sent, and has arrived at the destination.

Unfortunately, the error is fairly generic and as such only general advice can be provided.
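The checks described in the answer above, as an added example that is not part of the original thread: a Python script that pulls the indexer address out of the "timed out" warnings and classifies one TCP connect attempt made from the forwarder. The function names and the 3-second timeout are assumptions chosen for illustration; the log sample is the two lines quoted in the question.

```python
import errno
import re
import socket

# The two warnings quoted in the question (copied from this page).
SAMPLE_LOG = """\
01-11-2016 14:46:25.760 -0500 WARN TcpOutputProc - Cooked connection to ip=10.200.32.13:9997 timed out
01-11-2016 14:46:38.951 -0500 WARN TcpOutputProc - Forwarding to indexer group proidx blocked for 249600 seconds.
"""

TIMEOUT_RE = re.compile(
    r"WARN\s+TcpOutputProc - Cooked connection to ip=(\d{1,3}(?:\.\d{1,3}){3}):(\d+) timed out"
)

def timed_out_targets(log_text):
    """Return the unique (ip, port) pairs named in 'timed out' warnings."""
    seen = []
    for m in TIMEOUT_RE.finditer(log_text):
        target = (m.group(1), int(m.group(2)))
        if target not in seen:
            seen.append(target)
    return seen

def probe(host, port, timeout=3.0):
    """Attempt one TCP connect (hypothetical helper) and classify the result.

    open    - handshake completed; a listener is reachable
    refused - connection actively refused; host reachable, nothing listening
    timeout - no reply at all; packets are dropped somewhere on the path
    error:* - any other OS-level failure (for example, no route to host)
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except socket.timeout:
        return "timeout"
    except ConnectionRefusedError:
        return "refused"
    except OSError as e:
        return "error:" + errno.errorcode.get(e.errno, str(e.errno))
    finally:
        s.close()

if __name__ == "__main__":
    for ip, port in timed_out_targets(SAMPLE_LOG):
        print(f"{ip}:{port} -> {probe(ip, port)}")
```

Run it on the forwarding box. A "refused" result usually means the indexer is reachable but not listening on the port, while "timeout" matches the warning in the log and points to something between the two hosts dropping the traffic.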
