All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

*NIX app causing Splunkd to take forever restarting

mundus
Path Finder
‎07-14-2011 12:00 PM

We're running Splunk 4.2.1 build 98164 on Ubuntu 2.6.32-32-server. When the *NIX app is installed, Splunk takes several minutes to shutdown and the indexes come up as needing repair each time. If I remove the app, Splunk restarts quickly and without any index problems.

What's the best way to figure out what the problem is with the *NIX app?

Thx.

Craig

0 Karma
Reply

dwaddle
SplunkTrust
SplunkTrust
‎07-14-2011 03:38 PM

The nix app is heavily dependent on scripted inputs. These scripted input jobs **could* be running long and Splunk is waiting for them all to finish. I know the default netstat.sh does not give the "-n" option to netstat, which causes it to do name resolution (which can take a while if there's a lot of varying names to resolve).

When you are waiting on Splunk to shut down, try running something like this to see if Splunk is waiting on hanging out processes.

ps -ef | grep splunkd   # this should list two splunkd processes, one a child of the other.
# the child is the interesting one
while [ 1 ]; do pgrep -P <child_pid> | xargs -r ps -fp; done

This for loop is expensive, because it is busy waiting. But it'll give you a hint at least if Splunk is waiting on scripted inputs to finish.

0 Karma
Reply
Get Updates on the Splunk Community!

Observe and Secure All Apps with Splunk

  Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

Splunk Decoded: Business Transactions vs Business IQ

It’s the morning of Black Friday, and your e-commerce site is handling 10x normal traffic. Orders are flowing, ...

Fastest way to demo Observability

I’ve been having a lot of fun learning about Kubernetes and Observability. I set myself an interesting ...