Indexer Splunkd services are not able to run

Path Finder

Please any one help on this

In indexer cluster environment one of the Indexer got stopped unable to start/restart
D:>cd spluk\bin
The system cannot find the path specified.
D:>cd splunk\bin
D:\Splunk\bin>.\splunk restart
Splunkd: Stopped
Splunk> All batbelt. No tights.
Checking prerequisites...
Checking http port [8000]: open
Checking mgmt port [8089]: open
Checking appserver port []: open
Checking kvstore port [8191]: open
Checking configuration... Done.
Checking critical directories... Done
Checking indexes...
(skipping validation of index paths because not running as
Validated: audit _internal _introspection _telemetry _thef
ishbucket aws
anomalydetection awstopologydailysnapshot awstopologyhi
story awstopologymonthlysnapshot awstopologyplayback awsvpcflowlogs
history main summary
Bypassing local license checks since this instance is configured with a rem
ote license master.
Checking filesystem compatibility... Done
Checking conf files for problems...
Checking default conf files for edits...
Validating installed files against hashes from 'D:\Splunk\splunk-7.
All installed files intact.
Checking replication_port port [7778]: open
All preliminary checks passed.
Starting splunk server daemon (splunkd)...
Splunkd: Starting (pid 6420)
Timed out waiting for splunkd to start.

please provide the solution if any one knows.

05-18-2020 07:31:58.157 +0000 INFO ServerRoles - Declared role=clusterslave.
05-18-2020 07:31:58.157 +0000 INFO ServerRoles - Declared role=indexer.
05-18-2020 07:31:58.157 +0000 INFO ClusteringMgr - initing clustering with: ht=60.000 rf=3 sf=2 ct=60.000 st=60.000 rt=60.000 rct=60.000 rst=60.000 rrt=60.000 rmst=180.000 rmrt=180.000 icps=-1 sfrt=600.000 pe=1 im=0 is=1 mob=5 mor=5 mosr=5 pb=5 rep
port=port=7778 isSsl=0 ipv6=0 cipherSuite= ecdhCurveNames= sslVersions=SSL3,TLS1.0,TLS1.1,TLS1.2 compressed=1 allowSslRenegotiation=1 dhFile= reqCliCert=0 serverCert= rootCA= commonNames= alternateNames= pptr=10 fznb=10 Empty/Default cluster pass4symmkey=true allow Empty/Default cluster pass4symmkey=true rrt=restart dft=180 abt=600 sbs=1
05-18-2020 07:31:58.172 +0000 INFO ClusteringMgr - Initializing node as slave
05-18-2020 07:31:58.172 +0000 INFO BucketReplicator - Initializing BucketReplicatorMgr
05-18-2020 07:31:58.219 +0000 INFO CMServiceThread - CMHealthManager starting eloop
05-18-2020 07:31:58.235 +0000 INFO CMBundleMgr - bundle=D:\Splunk\var\run\splunk\cluster\remote-bundle\2df598296706d9846433003de4c7a927-1589221919.bundle, checksum=5F5C9F53A58CD618B69209EBC5D92286 found on the slave
05-18-2020 07:31:58.235 +0000 INFO CMBundleMgr - setting active bundle= to latest bundle=6F0874F9DA123EA345D25A77F6D3CAFA
05-18-2020 07:31:58.235 +0000 INFO CMSlave - event=getActiveBundle status=success path=D:\Splunk\var\run\splunk\cluster\remote-bundle\83209f7543173582062b08f2b77fcde0-1589259155.bundle cksum=6F0874F9DA123EA345D25A77F6D3CAFA alreadyin=0
05-18-2020 07:31:58.235 +0000 ERROR CMSlave - event=move downloaded bundle to slave-apps failed with err="failed to remove dir=D:\Splunk\etc\slave-apps.old (There are no more files.)" even after multiple attempts, Exiting..
05-18-2020 07:31:58.235 +0000 ERROR loader - Failed to download bundle from master, err="failed to remove dir=D:\Splunk\etc\slave-apps.old (There are no more files.)", Won't start splunkd.

0 Karma

Re: Indexer Splunkd services are not able to run


Check the ownership and permissions on D:\Splunk\etc\slave-apps.old

If this reply helps you, an upvote would be appreciated.
0 Karma