Deployment Architecture
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Splunk not restart

arun_kant_sharm
Path Finder
‎05-20-2020 11:04 PM

alt textHi experts,
I try to restart our splunk server, but its not start.

Earlier I try to start from UI, but it not start.
I also try to reboot if using CLI, but dont see any thing on console

I am using Splunk 7.2 in AWS EC2 instance (Amazon 1) , I am using splunk on that environment from last one year.

$SPLUNK_HOME/bin/splunk -version
$SPLUNK_HOME/bin/splunk -version
Splunk 7.2.6 (build c0bf0f679ce9)

uname -a
Linux abcdXyz 4.14.123-86.109.amzn1.x86_64 #1 SMP Mon Jun 10 19:44:53 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux

strace /opt/splunk/bin/splunk start
execve("/opt/splunk/bin/splunk", ["/opt/splunk/bin/splunk", "start"], [/ 50 vars /]) = -1 ENOEXEC (Exec format error)
write(2, "strace: exec: Exec format error\n", 32strace: exec: Exec format error
) = 32
exit_group(1) = ?
+++ exited with 1 +++

Tags (1)
Preview file
1 KB
0 Karma
Reply

ayush1906
Path Finder
‎05-21-2020 07:48 PM

Hi Arun,

You are logged in as root user, and that does not have access to restart splunk.
Either do -> sudo su - splunk , then give restart command

or use chown command to change the owner to splunk then it will surely work.

Kindly accept this as answer if it works for you 🙂

0 Karma
Reply

arun_kant_sharm
Path Finder
‎05-21-2020 07:28 PM

ll splunk*
-r-xr-xr-x 1 splunk splunk 0 May 21 04:13 splunk
-r-xr-xr-x 1 splunk splunk 49356952 Apr 11 2019 splunkd
-r-xr-xr-x 1 splunk splunk 465 Apr 11 2019 splunkdj
-r-xr-xr-x 1 splunk splunk 21904 Apr 11 2019 splunkmon
-r-xr-xr-x 1 splunk splunk 295008 Apr 11 2019 splunk-optimize
-r-xr-xr-x 1 splunk splunk 291136 Apr 11 2019 splunk-optimize-lex

I don't know why my env splunk binary deleted, I only try to restart from UI. After replacing it from the other env, its working fine.

0 Karma
Reply

PavelP
Motivator
‎05-21-2020 01:36 AM

Hello @arun_kant_sharma

please try prepend strace to see more

strace /opt/splunk/bin/splunk start
0 Karma
Reply

arun_kant_sharm
Path Finder
‎05-21-2020 03:13 AM

strace /opt/splunk/bin/splunk start
execve("/opt/splunk/bin/splunk", ["/opt/splunk/bin/splunk", "start"], [/* 50 vars */]) = -1 ENOEXEC (Exec format error)
write(2, "strace: exec: Exec format error\n", 32strace: exec: Exec format error
) = 32
exit_group(1) = ?
+++ exited with 1 +++

0 Karma
Reply

PavelP
Motivator
‎05-21-2020 07:08 AM

@arun_kant_sharma this error means your computer architecture is different than the splunk binary

What is your OS (uname -a, lsb_release) and what is the exact splunk version (x64, 86, arm)?

0 Karma
Reply

arun_kant_sharm
Path Finder
‎05-21-2020 05:12 PM

I am using Splunk 7.2 in AWS EC2 instance (Amazon 1) , I am using splunk on that environment from last one year.

$SPLUNK_HOME/bin/splunk -version
Splunk 7.2.6 (build c0bf0f679ce9)

uname -a
Linux abcdXyz 4.14.123-86.109.amzn1.x86_64 #1 SMP Mon Jun 10 19:44:53 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux

0 Karma
Reply

PavelP
Motivator
‎05-21-2020 11:03 PM

Has splunk suddently stopped to work or it happened after an upgrade?

please try

file /opt/splunk/bin/splunk*

expected output:

[root@mwg42 ~]# file /opt/splunk/bin/splunk*
/opt/splunk/bin/splunk:              ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.4.0, stripped
/opt/splunk/bin/splunkd:             ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.4.0, stripped
/opt/splunk/bin/splunkmon:           ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.4.0, stripped
/opt/splunk/bin/splunk-optimize:     ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.4.0, stripped
/opt/splunk/bin/splunk-optimize-lex: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.4.0, stripped
0 Karma
Reply

renjith_nair
SplunkTrust
SplunkTrust
‎05-21-2020 01:09 AM

@arun_kant_sharma ,

Its quite strange that you dont see anything in the console after the start command. Is the installation dir correct and are you able to see binaries there ?

Happy Splunking!
0 Karma
Reply

arun_kant_sharm
Path Finder
‎05-21-2020 01:17 AM

Yes Binaries are present in /opt/splunk/bin.

0 Karma
Reply

renjith_nair
SplunkTrust
SplunkTrust
‎05-21-2020 07:50 PM

@arun_kant_sharma ,
its possible that the binaries are overwritten by manual copy/move process. Otherwise it should output the start up messages in your console

Happy Splunking!
0 Karma
Reply
Get Updates on the Splunk Community!

Routing logs with Splunk OTel Collector for Kubernetes

The Splunk Distribution of the OpenTelemetry (OTel) Collector is a product that provides a way to ingest ...

Welcome to the Splunk Community!

(view in My Videos) We're so glad you're here! The Splunk Community is place to connect, learn, give back, and ...

Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM

Elevating Digital Service Excellence: The Synergy of Real User Monitoring and Application Performance ...