I tried all evening to get Splunk Enterprise up and running on a Windows 7 box. I am installing on a non-system drive with Local User selected in the wizard. The splunkd service seems to start, but it hangs with the message
Waiting for web server at https://127.0.0.1:8000 to be available. I have tried other ports, and I have tried disabling both UAC and the Windows firewall with no luck. The firewall has everything open from both the splunkd service and splunkweb service. It looks like this was automatically done at install time.
netstat -an does not show anything listening on the configured web port.
Has anyone else had this problem?
Update: I've uninstalled and tried with the default configuration. The exact same condition occurs.
Update: When I run splunk stop from another command prompt, I see the error:
WARNING: web interface does not seem to be available! .
As first troubleshooting step start looking in
I don't see splunk.log, just
splunkd.log. The only thing above INFO was the following:
01-12-2016 20:31:11.656 -0600 WARN DC:DeploymentClient - DeploymentClient explicitly disabled through config.
01-12-2016 20:31:11.678 -0600 WARN IndexerService - Indexer was started dirty: splunkd startup may take longer than usual; searches may not be accurate until background fsck completes.
I also checked web_service.log and found this error:
2016-01-12 20:31:12,638 ERROR [-] root:810 - Unable to start splunkweb
2016-01-12 20:31:12,638 ERROR [-] root:811 - must be string without null bytes or None, not str
I noticed it says "https" which means you've enabled ssl in web.conf.
I'm going to bet you cant find your ssl certs due to permissions issues, or because they're not present.
Good eye jkat54. Since I've reinstalled with default config and get the same condition, the error now says:
`Waiting for web server at http://127.0.0.1:31337 to be available.......
WARNING: web interface does not seem to be available!`
(well, not quite default now, I did try a higher port).
Check your splunkd.log again and see what it says. Typically this is indicative of a permissions issue, most likely related to the user account running the app. Perhaps try running the service as administrator first and validate you can get it to start with full perms, then back it off to a restricted user.
The only way I know how to run it as admin is to run command prompt as admin and run splunk start from there, which I have tried with the same error. I'll double check the splunkd.log. Thank you!