Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Why can't Universal Forwarders run?

hhhwang
Explorer
‎08-21-2022 09:50 PM

 

KakaoTalk_20220822_102553380_02.jpg

The universal forwarder was used well, but one day it suddenly stopped and no longer runs. Why is this happening?

The execution environment is as follows:

Windows7 32bit

Labels (1)
Labels
0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎08-21-2022 10:29 PM

Hi @hhhwang,

which is the Splunk UF version?

Probably it's an old version and the certificate is expired.

For more infos see at https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/ConfigureandinstallcertificatesforLogObs...

In few words:

In Windows run :

C:\Program Files\splunk\bin> openssl x509 -enddate -noout -in "C:\Program Files\splunk\etc\auth\server.pem

In Linux run:

openssl x509 -enddate -noout -in /opt/splunk/etc/auth/server.pem

If it has been expired then rename /opt/splunk/etc/auth/server.pem to server.pem.back and restart splunkd.

./splunk restart

This will regenerate the server.pem file and renew the certificate.

Ciao.

Giuseppe

Reply

hhhwang
Explorer
‎08-21-2022 10:47 PM

Thanks, gcusello.

Splunk UF version is 6.4.10.

I'll try to solve it in the way you told me.

But it's been about a month since I installed it, so can I know why the certificate has expired?

0 Karma
Reply

jotne
Builder
‎08-21-2022 11:18 PM

Latest Splunk Universal Forward agent is 9.0 at the time of writing.

Do an upgrade and see if you still have problem.

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎08-21-2022 10:52 PM

Hi @hhhwang,

I see that it's a very old version of Splunk UF, but probably you're using it on a very old Windows version, is this the latest certified version of UF for that Windows?

In addition, I'm not sure that UF 6.4.10 is compatible with the latest Splunk versions.

I hint to open a case to Splunk Support to identify the correct UF version to use.

Ciao.

Giuseppe

Reply
Get Updates on the Splunk Community!

Index This | I’m short for "configuration file.” What am I?

May 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with a Special ...

New Articles from Academic Learning Partners, Help Expand Lantern’s Use Case Library, ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Your Guide to SPL2 at .conf24!

So, you’re headed to .conf24? You’re in for a good time. Las Vegas weather is just *chef’s kiss* beautiful in ...