Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Splunk enterprise webserver is stuck

vchennuri
Engager
‎10-08-2019 10:47 AM

My splunk enterprise webserver is stuck as below and starting:

Splunk> 4TW

Checking prerequisites...
        Checking http port [8000]: open
        Checking mgmt port [8089]: open
        Checking appserver port [127.0.0.1:8065]: open
        Checking kvstore port [8191]: open
        Checking configuration... Done.
        Checking critical directories...        Done
        Checking indexes...
                Validated: _audit _internal _introspection _telemetry _thefishbucket collectd history mail main secure summary unix_summary
        Done
        Checking filesystem compatibility...  Done
        Checking conf files for problems...
        Done
        Checking default conf files for edits...
        Validating installed files against hashes from '/opt/splunk/splunk-7.3.0-657388c7a488-linux-2.6-x86_64-manifest'
File '/opt/splunk/etc/system/default/alert_actions.conf' changed.
File '/opt/splunk/etc/system/default/web.conf' changed.
        Problems were found, please review your files and move customizations to local
All preliminary checks passed.

Starting splunk server daemon (splunkd)...
Done
 [  OK  ]

Waiting for web server at https://127.0.0.1:8000 to be available...

Can someone help please ?

0 Karma
Reply

badrinath_itrs
Communicator
‎10-09-2019 04:28 AM

Hi,

First of all you should not be modifying the files present in $SPLUNK_HOME/etc/system/default location which is shipped by SPLUNK. If you want to modify them, please create a new .conf file in either $SPLUNK_HOME/etc/system/local or $SPLUNK_HOME/etc/apps//local directory with your setting.

Please check splunkd.log and see if you are getting any error there. It appears to me you have modified some settings in web.conf file in $SPLUNK_HOME/etc/system/default which might be causing this issue.

0 Karma
Reply
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...