I have installed the Splunk Universal Forwarder version 6.3.4 on a RedHat 7.1 server and, after disabling the management port, the splunkd process crashes. For disabling the default port we use an app with server.conf as follows:
disableDefaultPort = true
This configuration works fine with older versions of Splunk Universal Forwarder like 6.1.6 or 6.2.5.
Any suggestions?
Is that configuration directive within the [httpServer] stanza?
No, it's not with the [httpServer] stanza.
Worked with the [httpServer] stanza. Thanks a lot!
I converted this to an answer. Please mark it as the correct one.
If it's crashing, you should see a crash log in the var/log/splunk directory. Try stripping out any other changes you've made to the forwarder, and just try restarting with the management port disabled. Does it still crash? You might want to open a support ticket for this.
Yes, there's a crash file in the /var/log/splunk directory. Restarting splunk with the management port disabled makes it crash again and again.
Any reason to use 6.3.4? You may try the newer builds: 6.3.6 or 6.4.2 and see if it works.