Splunk enterprise webserver is stuck

vchennuri · ‎10-08-2019

My splunk enterprise webserver is stuck as below and starting:

Splunk> 4TW

Checking prerequisites...
        Checking http port [8000]: open
        Checking mgmt port [8089]: open
        Checking appserver port [127.0.0.1:8065]: open
        Checking kvstore port [8191]: open
        Checking configuration... Done.
        Checking critical directories...        Done
        Checking indexes...
                Validated: _audit _internal _introspection _telemetry _thefishbucket collectd history mail main secure summary unix_summary
        Done
        Checking filesystem compatibility...  Done
        Checking conf files for problems...
        Done
        Checking default conf files for edits...
        Validating installed files against hashes from '/opt/splunk/splunk-7.3.0-657388c7a488-linux-2.6-x86_64-manifest'
File '/opt/splunk/etc/system/default/alert_actions.conf' changed.
File '/opt/splunk/etc/system/default/web.conf' changed.
        Problems were found, please review your files and move customizations to local
All preliminary checks passed.

Starting splunk server daemon (splunkd)...
Done
 [  OK  ]

Waiting for web server at https://127.0.0.1:8000 to be available...

Can someone help please ?

badrinath_itrs · ‎10-09-2019

Hi,

First of all you should not be modifying the files present in $SPLUNK_HOME/etc/system/default location which is shipped by SPLUNK. If you want to modify them, please create a new .conf file in either $SPLUNK_HOME/etc/system/local or $SPLUNK_HOME/etc/apps//local directory with your setting.

Please check splunkd.log and see if you are getting any error there. It appears to me you have modified some settings in web.conf file in $SPLUNK_HOME/etc/system/default which might be causing this issue.

Splunk enterprise webserver is stuck

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor

Introducing the 2024 SplunkTrust!