Solved: At startup, Splunk is "Waiting for web server..." ...

esalesapns2 · ‎10-31-2018

I broke web.conf and rebooted my linux box.
Booted in AWS on splunk_marketplace_AMI_2018-09-28_14_12_30.
SSHD hasn't started yet (it's S55sshd, splunk is S50splunk in /etc/rc.d/rc3.d/)
so I can't log into the box to fix it. Now what?

esalesapns2 · ‎10-28-2019

As of 7.3.2, Splunk uses systemd on RHEL 7 and sets the splunk startup in /etc/rc.d/rc3.d to S90splunk, avoiding this issue.

View solution in original post

esalesapns2 · ‎10-28-2019

As of 7.3.2, Splunk uses systemd on RHEL 7 and sets the splunk startup in /etc/rc.d/rc3.d to S90splunk, avoiding this issue.

esalesapns2 · ‎12-28-2018

So I never got a reply. What I figured out is that it won't timeout. It turned my instance into an unusable brick. I had to create it again from scratch to fix a simple configuration issue. After I did, I made Splunk start after sshd by renaming the Splunk startup script to S60splunk in /etc/rc.d/rc3.d on this instance and all of my other instances. That allows sshd to start so you can login to fix any Splunk configuration issues.

If you're listening, Splunk, this would be a great change to make to your installer.

At startup, Splunk is "Waiting for web server..." Will it time out and allow my server to boot?

Preparing your Splunk Environment for OpenSSL3

Unleash Unified Security and Observability with Splunk Cloud Platform

Splunk AppDynamics with Cisco Secure Application