Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Splunk enterprise webserver is stuck

vchennuri
Engager
‎10-08-2019 10:47 AM

My splunk enterprise webserver is stuck as below and starting:

Splunk> 4TW

Checking prerequisites...
        Checking http port [8000]: open
        Checking mgmt port [8089]: open
        Checking appserver port [127.0.0.1:8065]: open
        Checking kvstore port [8191]: open
        Checking configuration... Done.
        Checking critical directories...        Done
        Checking indexes...
                Validated: _audit _internal _introspection _telemetry _thefishbucket collectd history mail main secure summary unix_summary
        Done
        Checking filesystem compatibility...  Done
        Checking conf files for problems...
        Done
        Checking default conf files for edits...
        Validating installed files against hashes from '/opt/splunk/splunk-7.3.0-657388c7a488-linux-2.6-x86_64-manifest'
File '/opt/splunk/etc/system/default/alert_actions.conf' changed.
File '/opt/splunk/etc/system/default/web.conf' changed.
        Problems were found, please review your files and move customizations to local
All preliminary checks passed.

Starting splunk server daemon (splunkd)...
Done
 [  OK  ]

Waiting for web server at https://127.0.0.1:8000 to be available...

Can someone help please ?

0 Karma
Reply

badrinath_itrs
Communicator
‎10-09-2019 04:28 AM

Hi,

First of all you should not be modifying the files present in $SPLUNK_HOME/etc/system/default location which is shipped by SPLUNK. If you want to modify them, please create a new .conf file in either $SPLUNK_HOME/etc/system/local or $SPLUNK_HOME/etc/apps//local directory with your setting.

Please check splunkd.log and see if you are getting any error there. It appears to me you have modified some settings in web.conf file in $SPLUNK_HOME/etc/system/default which might be causing this issue.

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Mobile: Your Brand-New Home Screen

Meet Your New Mobile Hub  Hello Splunk Community!  Staying connected to your data—no matter where you are—is ...

Introducing Value Insights (Beta): Understand the Business Impact your organization ...

Real progress on your strategic priorities starts with knowing the business outcomes your teams are delivering ...

Enterprise Security (ES) Essentials 8.3 is Now GA — Smarter Detections, Faster ...

As of today, Enterprise Security (ES) Essentials 8.3 is now generally available, helping SOC teams simplify ...