Installation
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Splunk on RHEL9 won't start

atr
Explorer
‎07-22-2024 03:46 PM

I have installed Splunk Enterprise on an RHEL9 VM in AWS. I have tried installing via TAR and RPM. I also tried starting it as "root" and "splunk" users but it just won't start. It always hangs at the same point and when that happens I can't even SSH to my VM. I have to reboot the VM to get access to it again.

It stays here for about 30 minutes (maybe longer).

atr_2-1721688360491.png

Then, I see the following.

atr_1-1721688197127.png

Any idea what might be going on?

Labels (1)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

atr
Explorer
‎07-23-2024 08:14 AM

I was able to get it running. The culprit was RAM. I increased it significantly and it is starting up now.

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

atr
Explorer
‎07-23-2024 08:14 AM

I was able to get it running. The culprit was RAM. I increased it significantly and it is starting up now.

0 Karma
Reply
Solved! Jump to solution

gcusello
SplunkTrust
SplunkTrust
‎07-23-2024 11:27 PM

Hi @atr ,

check also the other hardware reuirement, to avoid next issues.

let us know if we can help you more, or, please, accept one answer for the other people of Community.

Ciao and happy splunking

Giuseppe

P.S.: Karma Points are appreciated by all the contributors 😉

0 Karma
Reply
Solved! Jump to solution

atr
Explorer
‎07-23-2024 06:28 AM

Thanks for your responses! I do not have a local firewall and SELinux is disabled. I do see "Socket error communicating with splunkd" messages in a couple of logs. I am not sure how to interpret that. Also, there is nothing of relevance in "/opt/splunk/var/log/splunk/first_install.log"

0 Karma
Reply
Solved! Jump to solution

gcusello
SplunkTrust
SplunkTrust
‎07-22-2024 11:49 PM

Hi @atr ,

as @deepakc said, check and disable the local firewall.

Then see at /opt/splunk/var/log/splunk/first_install.log if something is described.

If you continue to have issues, open a case to Splunk Support, But I'm confident that the issue is the local firewall.

Ciao.

Giuseppe

0 Karma
Reply
Solved! Jump to solution

deepakc
Builder
‎07-22-2024 10:32 PM

 Start by checking that you have port 8000 available - check firewall ports 

The SSH issue is again most likely related to ports/access 22 (but this is not a splunk issue)

Speak to an Linux OS admin, as your issue's seem to be OS config related.  

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey

Can’t make it to .conf25? Join us online!

Watch Global Broadcast
Get Updates on the Splunk Community!

Community Content Calendar, September edition

Welcome to another insightful post from our Community Content Calendar! We're thrilled to continue bringing ...

Splunkbase Unveils New App Listing Management Public Preview

Splunkbase Unveils New App Listing Management Public PreviewWe're thrilled to announce the public preview of ...

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

Are you leveraging automation to its fullest potential in your threat detection strategy?Our upcoming Security ...