Installation
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Splunk standalone server: Why after the OS update the Splunk is unable to run the service?

iamtheclient20
Explorer
‎08-07-2023 11:55 PM

Splunk Version: 8
OS: Windows Server

Good afternoon.

Maybe someone here may give me an idea how to troubleshoot.
Customer update the OS of Windows server, then after the OS update the Splunk is unable to run the service.
WARNING: Seems web interface is not to be available.

No logs written in splunkd.log

The folder or directory of Splunk is under Splunk user.

Thank you.

Labels (1)
Labels
Tags (1)
0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎08-08-2023 12:07 AM

Hi @iamtheclient20,

at first, did you disabled the Windows local firewall or another protectio?

What's the version of the new windows?

Splunk 8.X is certified for Windows 10, Windows Server 2016 and 2019.

Ciao.

Giuseppe

0 Karma
Reply

iamtheclient20
Explorer
‎08-08-2023 12:24 AM

Windows Server 2012 R2 Standard. We already check the itself firewall seems ok .

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎08-08-2023 12:35 AM

Hi @iamtheclient20,

this windows version isn't certified for Splunk 8, and this could be the issue, even if I don't think.

Are you able co connect to the server, using the browser, from itself?

If you can open a case to Splunk Support.

Ciao.

Giuseppe

0 Karma
Reply

iamtheclient20
Explorer
‎08-08-2023 01:46 AM

I am not able to connect using browser ifself. Yes, upon checking OS version is not supported. Thanks

0 Karma
Reply

isoutamo
SplunkTrust
SplunkTrust
‎08-08-2023 12:53 AM

Based on this https://docs.splunk.com/Documentation/Splunk/7.3.9/Installation/Systemrequirements Splunk 7.3 is latest officially supported version for Window 2012 or 2012 R2.

Platform support changes in version 8.0 also confirm that.

Anyhow Windows 2012R2 will be out of support quite soon (https://learn.microsoft.com/en-us/lifecycle/announcements/windows-server-2012-r2-end-of-support) so you should upgrade it anyhow to some recent version to secure your environment.

0 Karma
Reply

iamtheclient20
Explorer
‎08-08-2023 01:47 AM

Thank you for these reference, we will consider that.

0 Karma
Reply

isoutamo
SplunkTrust
SplunkTrust
‎08-08-2023 12:06 AM

Hi

Have you try to start it manually?

If splunk logs haven't anything, are you check also windows event viewer?

Which Windows version + exact splunk version 8.2.??

Physical or virtual hardware?

r. Ismo

0 Karma
Reply

iamtheclient20
Explorer
‎08-08-2023 12:14 AM

Splunk Version 8.2.6, residing in physical server.
I also tried to start the splunk using windows services but not luck.
I did not check this windows event viewer.

I am thinking to update to latest version of Splunk.

0 Karma
Reply
Get Updates on the Splunk Community!

Introducing the Splunk Community Dashboard Challenge!

Welcome to Splunk Community Dashboard Challenge! This is your chance to showcase your skills in creating ...

Get the T-shirt to Prove You Survived Splunk University Bootcamp

As if Splunk University, in Las Vegas, in-person, with three days of bootcamps and labs weren’t enough, now ...

Wondering How to Build Resiliency in the Cloud?

IT leaders are choosing Splunk Cloud as an ideal cloud transformation platform to drive business resilience,  ...