https://community.splunk.com/t5/Splunk-User-Behavior-Analytics/Splunk-UBA-is-down/m-p/565798#M37 <P><a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/177803">@lakshman239</a>&nbsp; I did run a health check before running stop-all and observed below error:</P><P>ui connect: &lt;hostname&gt; &lt;= curl failed to ui &lt;hostname&gt;<BR />curl: (7) Failed to connect to &lt;hostname&gt; port 443: Connection refused<BR />ui connect: sc2-splunk-uba-1 &lt;= curl failed to ui &lt;hostname&gt;<BR />curl: (7) Failed to connect to &lt;hostname&gt; port 443: Connection refused</P> Fri, 03 Sep 2021 13:28:03 GMT snisaxena 2021-09-03T13:28:03Z https://community.splunk.com/t5/Splunk-User-Behavior-Analytics/Splunk-UBA-is-down/m-p/565744#M31 <P>Splunk UBA search head is down.</P><P>Even after restarting ui services, status is shown as active in CLI but GUI is not available.</P><P>Commands used to stop/start ui service:</P><P>sudo service caspida-ui stop<BR />&nbsp;sudo service caspida-ui start</P><P>&nbsp;</P><P>Status when checked in CLI:</P><P>● <FONT size="2">caspida-ui.service</FONT><BR /><FONT size="2">Loaded: loaded (/etc/init.d/caspida-ui; bad; vendor preset: enabled)</FONT><BR /><FONT size="2"><STRONG>Active: active (exited)</STRONG> since Fri 2021-09-03 05:53:12 UTC; 6min ago</FONT></P><P>I also tried rebooting the VM, but it doesn't help.</P><P>&nbsp;</P><P>Can I please get a suggestion around how to fix this?</P> Fri, 03 Sep 2021 06:02:44 GMT https://community.splunk.com/t5/Splunk-User-Behavior-Analytics/Splunk-UBA-is-down/m-p/565744#M31 snisaxena 2021-09-03T06:02:44Z https://community.splunk.com/t5/Splunk-User-Behavior-Analytics/Splunk-UBA-is-down/m-p/565783#M32 <P><a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/238048">@snisaxena</a>&nbsp; One option would be stop and start all services, so they start gracefully. Pls refer to -&nbsp;<A href="https://docs.splunk.com/Documentation/UBA/5.0.4.1/Admin/CLICommands" target="_blank">https://docs.splunk.com/Documentation/UBA/5.0.4.1/Admin/CLICommands</A>&nbsp;</P> Fri, 03 Sep 2021 12:11:31 GMT https://community.splunk.com/t5/Splunk-User-Behavior-Analytics/Splunk-UBA-is-down/m-p/565783#M32 lakshman239 2021-09-03T12:11:31Z https://community.splunk.com/t5/Splunk-User-Behavior-Analytics/Splunk-UBA-is-down/m-p/565793#M34 <P><a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/177803">@lakshman239</a>I ran /opt/caspida/bin/Caspida stop-all and it has been running since more than 2 hours now.<BR />I tried to exit and run /opt/caspida/bin/Caspida start-all. It was aborted with below message:</P><P>failed to check/update system configuration: aborting. see /var/vcap/sys/log/caspida/caspida.out</P> Fri, 03 Sep 2021 13:13:53 GMT https://community.splunk.com/t5/Splunk-User-Behavior-Analytics/Splunk-UBA-is-down/m-p/565793#M34 snisaxena 2021-09-03T13:13:53Z https://community.splunk.com/t5/Splunk-User-Behavior-Analytics/Splunk-UBA-is-down/m-p/565796#M36 <P>stop-all running for long time does indicate an underlying issue in the cluster.</P><P>Have you run the pre-check and post health checks using the latest available scripts? If not, please run them and perhaps raise a case with support attaching the output.</P> Fri, 03 Sep 2021 13:24:46 GMT https://community.splunk.com/t5/Splunk-User-Behavior-Analytics/Splunk-UBA-is-down/m-p/565796#M36 lakshman239 2021-09-03T13:24:46Z https://community.splunk.com/t5/Splunk-User-Behavior-Analytics/Splunk-UBA-is-down/m-p/565798#M37 <P><a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/177803">@lakshman239</a>&nbsp; I did run a health check before running stop-all and observed below error:</P><P>ui connect: &lt;hostname&gt; &lt;= curl failed to ui &lt;hostname&gt;<BR />curl: (7) Failed to connect to &lt;hostname&gt; port 443: Connection refused<BR />ui connect: sc2-splunk-uba-1 &lt;= curl failed to ui &lt;hostname&gt;<BR />curl: (7) Failed to connect to &lt;hostname&gt; port 443: Connection refused</P> Fri, 03 Sep 2021 13:28:03 GMT https://community.splunk.com/t5/Splunk-User-Behavior-Analytics/Splunk-UBA-is-down/m-p/565798#M37 snisaxena 2021-09-03T13:28:03Z https://community.splunk.com/t5/Splunk-User-Behavior-Analytics/Splunk-UBA-is-down/m-p/565799#M38 <P>did this setup work in the past? If so, has there been any changes to IP/host/dns resolution and/or firewall/connectivity? looks like connectivity/resolution issue</P> Fri, 03 Sep 2021 13:31:20 GMT https://community.splunk.com/t5/Splunk-User-Behavior-Analytics/Splunk-UBA-is-down/m-p/565799#M38 lakshman239 2021-09-03T13:31:20Z https://community.splunk.com/t5/Splunk-User-Behavior-Analytics/Splunk-UBA-is-down/m-p/565801#M39 <P><a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/177803">@lakshman239</a>&nbsp; I suspect so too. However, there is no confirmation from network team regarding any connection changes wrt firewall, etc.</P> Fri, 03 Sep 2021 13:42:18 GMT https://community.splunk.com/t5/Splunk-User-Behavior-Analytics/Splunk-UBA-is-down/m-p/565801#M39 snisaxena 2021-09-03T13:42:18Z