Solved: At startup, Splunk is "Waiting for web server..." ...

esalesapns2 · ‎10-31-2018

I broke web.conf and rebooted my linux box.
Booted in AWS on splunk_marketplace_AMI_2018-09-28_14_12_30.
SSHD hasn't started yet (it's S55sshd, splunk is S50splunk in /etc/rc.d/rc3.d/)
so I can't log into the box to fix it. Now what?

esalesapns2 · ‎10-28-2019

As of 7.3.2, Splunk uses systemd on RHEL 7 and sets the splunk startup in /etc/rc.d/rc3.d to S90splunk, avoiding this issue.

View solution in original post

esalesapns2 · ‎10-28-2019

As of 7.3.2, Splunk uses systemd on RHEL 7 and sets the splunk startup in /etc/rc.d/rc3.d to S90splunk, avoiding this issue.

esalesapns2 · ‎12-28-2018

So I never got a reply. What I figured out is that it won't timeout. It turned my instance into an unusable brick. I had to create it again from scratch to fix a simple configuration issue. After I did, I made Splunk start after sshd by renaming the Splunk startup script to S60splunk in /etc/rc.d/rc3.d on this instance and all of my other instances. That allows sshd to start so you can login to fix any Splunk configuration issues.

If you're listening, Splunk, this would be a great change to make to your installer.

At startup, Splunk is "Waiting for web server..." Will it time out and allow my server to boot?

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?