Deployment Architecture

Error when running Splunk -9.0.2-17e00c557dc1-linux-2.6-amd64.deb

dgoutama
Loves-to-Learn

Hi Community, 

Has anyone had a problem after installing the new Splunk 9.0.2.1? I had a problem after I finished downloading, and when I wanted to accept the license, there were error messages as below;

──(root💀kali)-[/opt/splunk/bin]
└─# ./splunk start --accept-license

Splunk> 4TW

Checking prerequisites...
Checking http port [8000]: open
Checking mgmt port [8089]: open
Checking appserver port [127.0.0.1:8065]: open
Checking kvstore port [8191]: open
Checking configuration... Done.
Checking critical directories... Done
Checking indexes...
Validated: _audit _configtracker _internal _introspection _metrics _metrics_rollup _telemetry _thefishbucket history main summary
Done
Checking filesystem compatibility... Done
Checking conf files for problems...
Done
Checking default conf files for edits...
Validating installed files against hashes from '/opt/splunk/splunk-9.0.1-82c987350fde-linux-2.6-x86_64-manifest'
All installed files intact.
Done
All preliminary checks passed.

Starting splunk server daemon (splunkd)...
Job for Splunkd.service failed because the control process exited with error code.
See "systemctl status Splunkd.service" and "journalctl -xeu Splunkd.service" for details.

┌──(root💀kali)-[/opt/splunk/bin]
└─# systemctl status splunkd.service 4 ⨯
× splunk.service - LSB: Start splunk
Loaded: loaded (/etc/init.d/splunk; generated)
Active: failed (Result: exit-code) since Sun 2022-12-11 06:35:55 EST; 10min ago
Docs: man:systemd-sysv-generator(8)
Process: 64361 ExecStart=/etc/init.d/splunk start (code=exited, status=1/FAILURE)
CPU: 7.741s

Dec 11 06:35:55 kali splunk[64364]: Done
Dec 11 06:35:55 kali splunk[64364]: All preliminary checks passed.
Dec 11 06:35:55 kali splunk[64364]: Starting Splunk server daemon (splunkd)...
Dec 11 06:35:55 kali systemctl[64427]: Job for Splunkd.service failed because the control process exited with error code.
Dec 11 06:35:55 kali systemctl[64427]: See "systemctl status Splunkd.service" and "journalctl -xeu Splunkd.service" for details.
Dec 11 06:35:55 kali splunk[64362]: Systemd manages the Splunk service. Use 'systemctl start Splunkd' to start the service. Root permission is require>
Dec 11 06:35:55 kali systemd[1]: splunk.service: Control process exited, code=exited, status=1/FAILURE
Dec 11 06:35:55 kali systemd[1]: splunk.service: Failed with result 'exit-code'.
Dec 11 06:35:55 kali systemd[1]: Failed to start LSB: Start splunk.
Dec 11 06:35:55 kali systemd[1]: splunk.service: Consumed 7.741s CPU time.
lines 1-17/17 (END)

anyone can help me to solve these problems. I appreciate it. 

 

Labels (1)
0 Karma

richgalloway
SplunkTrust
SplunkTrust

What did you get when you followed these instructions: "See "systemctl status Splunkd.service" and "journalctl -xeu Splunkd.service" for details." ?

---
If this reply helps you, Karma would be appreciated.
0 Karma

dgoutama
Loves-to-Learn

Hi richgalloway, 

Thank you for your reply.  Below were the results I received after I followed these Instructions: systemctl status Splunkd.service" and "journalctl -xeu Splunkd.service"

┌──(root💀kali)-[/opt/splunk/bin]
└─# systemctl status Splunkd.service 1 ⨯
× Splunkd.service - Systemd service file for Splunk, generated by 'splunk enable boot-start'
Loaded: loaded (/etc/systemd/system/Splunkd.service; enabled; preset: disabled)
Active: failed (Result: exit-code) since Mon 2022-12-12 07:06:40 EST; 28s ago
Process: 2284 ExecStart=/opt/splunk/bin/splunk _internal_launch_under_systemd (code=killed, signal=INT)
Process: 2285 ExecStartPost=/bin/bash -c chown -R splunk:splunk /sys/fs/cgroup/cpu/system.slice/Splunkd.service (code=exited, status=1/FAILURE)
Main PID: 2284 (code=killed, signal=INT)
CPU: 14ms

Dec 12 07:06:40 kali systemd[1]: Splunkd.service: Scheduled restart job, restart counter is at 5.
Dec 12 07:06:40 kali systemd[1]: Stopped Systemd service file for Splunk, generated by 'splunk enable boot-start'.
Dec 12 07:06:40 kali systemd[1]: Splunkd.service: Start request repeated too quickly.
Dec 12 07:06:40 kali systemd[1]: Splunkd.service: Failed with result 'exit-code'.
Dec 12 07:06:40 kali systemd[1]: Failed to start Systemd service file for Splunk, generated by 'splunk enable boot-start'.

(root💀kali)-[/opt/splunk/bin]
└─# journalctl -xeu Splunkd.service 3 ⨯
░░ Support: https://www.debian.org/support
░░
░░ A start job for unit Splunkd.service has finished with a failure.
░░
░░ The job identifier is 2754 and the job result is failed.
Dec 12 07:06:40 kali systemd[1]: Splunkd.service: Scheduled restart job, restart counter is at 5.
░░ Subject: Automatic restarting of a unit has been scheduled
░░ Defined-By: systemd
░░ Support: https://www.debian.org/support
░░
░░ Automatic restarting of the unit Splunkd.service has been scheduled, as the result for
░░ the configured Restart= setting for the unit.
Dec 12 07:06:40 kali systemd[1]: Stopped Systemd service file for Splunk, generated by 'splunk enable boot-start'.
░░ Subject: A stop job for unit Splunkd.service has finished
░░ Defined-By: systemd
░░ Support: https://www.debian.org/support
░░
░░ A stop job for unit Splunkd.service has finished.
░░
░░ The job identifier is 2829 and the job result is done.
Dec 12 07:06:40 kali systemd[1]: Splunkd.service: Start request repeated too quickly.
Dec 12 07:06:40 kali systemd[1]: Splunkd.service: Failed with result 'exit-code'.
░░ Subject: Unit failed
░░ Defined-By: systemd
░░ Support: https://www.debian.org/support
░░
░░ The unit Splunkd.service has entered the 'failed' state with result 'exit-code'.
Dec 12 07:06:40 kali systemd[1]: Failed to start Systemd service file for Splunk, generated by 'splunk enable boot-start'.
░░ Subject: A start job for unit Splunkd.service has failed
░░ Defined-By: systemd
░░ Support: https://www.debian.org/support
░░
░░ A start job for unit Splunkd.service has finished with a failure.
░░
░░ The job identifier is 2829 and the job result is failed.
lines 794-828/828 (END)

I never received these kinds of results or problems when I installed Splunk before but this is new release splunk 9.02. Do you know how to solve these problems?  Thank you. 

 

0 Karma

richgalloway
SplunkTrust
SplunkTrust

Hmm...  Neither of those commands helps much to determine the cause.  Have you looked at splunkd.log or splunkd_stderr.log?

---
If this reply helps you, Karma would be appreciated.
0 Karma

dgoutama
Loves-to-Learn

Hi richgalloway, 

 

You meant you can not help me solve the issue. No, I did not look at splunkd.log or splunkd_stderr.log. what are these for?

0 Karma

richgalloway
SplunkTrust
SplunkTrust

I'm not saying I can't help only that the systemctl and journald commands did not provide enough information to identify the cause of the problem.

splunkd.log is Splunk's general log.  If Splunk is failing to start then there should be messages here that say why.

splunkd_stderr.log is the file Splunk writes stderr messages.  This is another file that may have messages about why Splunk can't start.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...