anthonybrochu
commented
1 year ago I'm also having the same problem, the splunkd never launches, except when reverting to version 8.2.9
Open alexeadem opened 1 year ago
anthonybrochu
commented
1 year ago I'm also having the same problem, the splunkd never launches, except when reverting to version 8.2.9
Adam2Marsh
commented
1 year ago I've raised this to splunk via there support portal; case ref is 3200123
Will update this once I hear back.
Adam2Marsh
commented
1 year ago This looks to be a duplicate of https://github.com/splunk/docker-splunk/issues/557
Adam2Marsh
commented
1 year ago I got the following response; it's a known issue
This is a known Docker bug, its currently working in progress with Expected fix: 9.1.0 As of now the workaround is as follows
Workaround:
Or this can be confgured:
I've asked for a date when version 9.1.0 will be released.
Adam2Marsh
commented
1 year ago This was fixed in 9.0.5; I haven't tested it myself but assured it is.
flaken2000
commented
1 year ago Found this issue today because I've been having this exact issue with version 9.0.5. So it is not fixed with 9.0.5. Looks like will need to stick with 8.2X until version 9.1.0 is released with a fix for this issue.
gergelydavidwork
commented
1 year ago Same here @flaken2000 , it is NOT fixed with 9.0.5! :(
tnedeczki
commented
1 year ago I can't believe why it's taking so much time to fix this bug, which has been going on since September (https://github.com/splunk/docker-splunk/issues/557). Instead, you have to use 8.2.X versions which are quite risky from a security point of view.
The whole ansible process gets stuck when it comes to a task where it needs to call ./splunk.
For example:
If you go inside the container and kill of those process, you will get the following error message:
Error calling execve(): No such file or directory
Error launching command: Invalid argumentI can't believe why it's taking so much time to fix this bug, which has been going on since September (#557). Instead, you have to use 8.2.X versions which are quite risky from a security point of view.
The whole ansible process gets stuck when it comes to a task where it needs to call ./splunk.
For example:
- get_splunk_status task: https://github.com/splunk/splunk-ansible/blob/develop/roles/splunk_common/tasks/get_splunk_status.yml#L10
- if the following SPLUNK_BEFORE_START_CMD flag is used, this task will also be stuck: pre_splunk_start_commands https://github.com/splunk/splunk-ansible/blob/develop/roles/splunk_common/tasks/pre_splunk_start_commands.yml
If you go inside the container and kill of those process, you will get the following error message:
Error calling execve(): No such file or directory Error launching command: Invalid argument
It's been almost 1 year since it was broken :(
Adam2Marsh
commented
1 year ago Hey All,
Re-raising back to splunk now... as I've doubled check and yep you still need the workaround to make 9.0.5
adityapinglesf
commented
1 year ago 9.0.5 was updated yesterday. I was able to get the UF running with the following command -
docker run -p 8000:8000 -p 8089:8089 -e "SPLUNK_PASSWORD=trypass@" -e "SPLUNK_START_ARGS=--accept-license" --name uf-1 -it splunk/universalforwarder:9.0.5Can you try now with the newly released image?
tnedeczki
commented
1 year ago Hi @adityapinglesf
Thanks, it is working now.
flaken2000
commented
1 year ago Confirmed! Working for us too.
shankar1294
commented
4 months ago Hi, I am facing the same above error in 9.x versions. I am using this linux command to start the splunk server. /opt/splunkforwarder/bin/splunk start --accept-license This command works with lower versions. Can anyone pls help?
Image: splunk/universalforwarder:latest
You can reproduce it with:
https://github.com/splunk/docker-splunk/blob/develop/test_scenarios/1uf1so.yaml
or as described here:
https://splunk.github.io/docker-splunk/EXAMPLES.html#create-standalone-and-universal-forwarder
Universal forwardernever starts with the the following error:=> Working fine in 8.2.9.