
Known issues
This topic lists known issues that are specific to the universal forwarder. For information on fixed issues, see Fixed issues.
Universal forwarder issues
Date filed | Issue number | Description |
---|---|---|
2023-10-17 | SPL-245807, SPL-246456, SPL-246545, SPL-246546 | Splunk AIX UF crashing when failed to connect to indexers |
2023-09-08 | SPL-244414 | Crashing in TcpOutEloop thread after upgrade from 9.1.x |
2022-08-17 | SPL-228646, SPL-228645 | Restart is needed when AWS access key pairs rotate (w/o grace period) or other S3 config settings for Ingest Actions become invalid |
2022-06-23 | SPL-226019 | Warning appears in the universal forwarder whenever any spl command is run: Warning: Attempting to revert the SPLUNK_HOME ownership Warning: Executing "chown -R splunk /opt/splunkforwarder". This warning is expected and will not affect functionality. |
2022-06-06 | SPL-225379 | Ownership of files mentioned in manifest file is splunk:splunk instead of root:root after enabling boot start as root user for initd Workaround: When changing UF user, manually chown SPLUNK_HOME to the new user, including first time install/upgrade, or manually enable boot-start. |
2022-05-13 | SPL-224167 | Splunk UF for CentOS-7 (ARM64) is not available Workaround: UF for CentOS7 ARM 64 will be available in the 9.0.1 maintenance release. |
2022-03-23 | SPL-221239 | System Introspect App fails when universal forwarder is installed at non-admin user |
2020-11-09 | SPL-197140, SPL-234386 | UF failed to start on Solaris 11.3 with error: "symbol in6addr_any: referenced symbol not found" Workaround: 1. Do not upgrade past Splunk 8.0.5 on Solaris 11.3 OR
2. Upgrade to Solaris 11.4 |
2017-03-14 | SPL-138731 | New 6.6 and later default SHA256/2048-bit key certificates are not compatible with previous versions SHA1/1024-bit key certificates if cert verification is enabled Workaround: Users can do any of the following: 1. Disable certificate verification - the same root certificate is available with every Splunk download so enabling certificate verification while using the default certificates provides very little additional security. 2. Generate new SHA256/2048-bit key certificates using the new 6.6 root certificate and distribute to older versions of Splunk 3. Generate SHA1/1024-bit key certificates using the old root certificate to use with your new 6.6 instance. For convenience, the old root certificate is included in 6.6 in $SPLUNK_HOME/etc/auth/prev_release/ |
PREVIOUS Troubleshoot the universal forwarder |
NEXT Fixed issues |
This documentation applies to the following versions of Splunk® Universal Forwarder: 9.1.1
Feedback submitted, thanks!