All Apps and Add-ons

Using Splunk on t2.micro Linux instance, why does the splunkd service need to be restarted to keep it running and how do I resolve this?

New Member


I have a t2.micro Linux instance running as a Splunk node. The Splunk instance sometimes doesn't pass status checks on AWS. When I stop and restart the instance again, it works. I SSH into the instance and check the status every time I cannot access the home page. It shows that the splunkd is not running. I restart the process and then I can access the Splunk page on port 8000 again. Please help me resolve this issue.

Thank you.

0 Karma


The t2.micro instance has 1 (burstable) cpu and 1 GB of memory, which barely meet the Splunk minimum hw requirements. How much data are you pushing onto this system? How many users are accessing the UI? It's likely the process is crashing due to resource constraints. There are a couple of ways you can check this.

First, look at /opt/splunk/var/log/splunk and check for crash files. These files indicate the process crashed unexpectedly. If you have a support contract Splunk can use these files to help determine the cause of the crash.

Look at the sourcetype=splunkd log files from your instance at the time of the crash. Are there any errors or warnings that might indicate a problem?

Check the cloudwatch metrics for this instance. How is the CPU utilization? Disk and network IO? If you have the CW agent enabled, check memory utilization. You can also look at detailed host metrics collected by Splunk in the _introspection index. Check the DMC for any indications of resource constraints, especially memory.

0 Karma
Get Updates on the Splunk Community!

SplunkTrust | Where Are They Now - Michael Uschmann

The Background Five years ago, Splunk published several videos showcasing members of the SplunkTrust to share ...

Admin Your Splunk Cloud, Your Way

Join us to maximize different techniques to best tune Splunk Cloud. In this Tech Enablement, you will get ...

Cloud Platform | Discontinuing support for TLS version 1.0 and 1.1

Overview Transport Layer Security (TLS) is a security communications protocol that lets two computers, ...