I tried all evening to get Splunk Enterprise up and running on a Windows 7 box. I am installing on a non-system drive with Local User selected in the wizard. The splunkd service seems to start, but it hangs with the message Waiting for web server at https://127.0.0.1:8000 to be available
. I have tried other ports, and I have tried disabling both UAC and the Windows firewall with no luck. The firewall has everything open from both the splunkd service and splunkweb service. It looks like this was automatically done at install time.
A netstat -an
does not show anything listening on the configured web port.
Has anyone else had this problem?
Update: I've uninstalled and tried with the default configuration. The exact same condition occurs.
Update: When I run splunk stop from another command prompt, I see the error: WARNING: web interface does not seem to be available! .
This is "resolved". After seeing the splunk answers thread on an evident python bug noted in the comments, I uninstalled Splunk Enterprise from my windows box. Instead, I installed it on my son's CentOS box, set up a universal forward on my windows box, and had everything configured in about 20 minutes. I then spent the evening doing a jigsaw puzzle in the dining room instead of trying to get Splunk Enterprise to work on my Windows box.
This is "resolved". After seeing the splunk answers thread on an evident python bug noted in the comments, I uninstalled Splunk Enterprise from my windows box. Instead, I installed it on my son's CentOS box, set up a universal forward on my windows box, and had everything configured in about 20 minutes. I then spent the evening doing a jigsaw puzzle in the dining room instead of trying to get Splunk Enterprise to work on my Windows box.
I noticed it says "https" which means you've enabled ssl in web.conf.
I'm going to bet you cant find your ssl certs due to permissions issues, or because they're not present.
Good eye jkat54. Since I've reinstalled with default config and get the same condition, the error now says:
`Waiting for web server at http://127.0.0.1:31337 to be available.......
WARNING: web interface does not seem to be available!`
(well, not quite default now, I did try a higher port).
Check your splunkd.log again and see what it says. Typically this is indicative of a permissions issue, most likely related to the user account running the app. Perhaps try running the service as administrator first and validate you can get it to start with full perms, then back it off to a restricted user.
The only way I know how to run it as admin is to run command prompt as admin and run splunk start from there, which I have tried with the same error. I'll double check the splunkd.log. Thank you!
You can go into the services control panel and change the runas user, I think Start -> Run -> services.msc works in Win7..
As first troubleshooting step start looking in splunk.log
in $SPLUNK_HOME/var/log/splunk
For the record, it is splunk 6.3.2...typo.
Looks like https://answers.splunk.com/answers/177187/why-is-the-splunk-web-service-not-running-after-an.html but there's no help there. Bummer.
I don't see splunk.log, just splunkd.log
. The only thing above INFO was the following:
01-12-2016 20:31:11.656 -0600 WARN DC:DeploymentClient - DeploymentClient explicitly disabled through config.
01-12-2016 20:31:11.678 -0600 WARN IndexerService - Indexer was started dirty: splunkd startup may take longer than usual; searches may not be accurate until background fsck completes.
I also checked web_service.log and found this error:
2016-01-12 20:31:12,638 ERROR [-] root:810 - Unable to start splunkweb
2016-01-12 20:31:12,638 ERROR [-] root:811 - must be string without null bytes or None, not str
Traceback
(etc).