Installation
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Splunk standalone server: Why after the OS update the Splunk is unable to run the service?

iamtheclient20
Explorer
‎08-07-2023 11:55 PM

Splunk Version: 8
OS: Windows Server

Good afternoon.

Maybe someone here may give me an idea how to troubleshoot.
Customer update the OS of Windows server, then after the OS update the Splunk is unable to run the service.
WARNING: Seems web interface is not to be available.

No logs written in splunkd.log

The folder or directory of Splunk is under Splunk user.

Thank you.

Labels (1)
Labels
Tags (1)
0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎08-08-2023 12:07 AM

Hi @iamtheclient20,

at first, did you disabled the Windows local firewall or another protectio?

What's the version of the new windows?

Splunk 8.X is certified for Windows 10, Windows Server 2016 and 2019.

Ciao.

Giuseppe

0 Karma
Reply

iamtheclient20
Explorer
‎08-08-2023 12:24 AM

Windows Server 2012 R2 Standard. We already check the itself firewall seems ok .

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎08-08-2023 12:35 AM

Hi @iamtheclient20,

this windows version isn't certified for Splunk 8, and this could be the issue, even if I don't think.

Are you able co connect to the server, using the browser, from itself?

If you can open a case to Splunk Support.

Ciao.

Giuseppe

0 Karma
Reply

iamtheclient20
Explorer
‎08-08-2023 01:46 AM

I am not able to connect using browser ifself. Yes, upon checking OS version is not supported. Thanks

0 Karma
Reply

isoutamo
SplunkTrust
SplunkTrust
‎08-08-2023 12:53 AM

Based on this https://docs.splunk.com/Documentation/Splunk/7.3.9/Installation/Systemrequirements Splunk 7.3 is latest officially supported version for Window 2012 or 2012 R2.

Platform support changes in version 8.0 also confirm that.

Anyhow Windows 2012R2 will be out of support quite soon (https://learn.microsoft.com/en-us/lifecycle/announcements/windows-server-2012-r2-end-of-support) so you should upgrade it anyhow to some recent version to secure your environment.

0 Karma
Reply

iamtheclient20
Explorer
‎08-08-2023 01:47 AM

Thank you for these reference, we will consider that.

0 Karma
Reply

isoutamo
SplunkTrust
SplunkTrust
‎08-08-2023 12:06 AM

Hi

Have you try to start it manually?

If splunk logs haven't anything, are you check also windows event viewer?

Which Windows version + exact splunk version 8.2.??

Physical or virtual hardware?

r. Ismo

0 Karma
Reply

iamtheclient20
Explorer
‎08-08-2023 12:14 AM

Splunk Version 8.2.6, residing in physical server.
I also tried to start the splunk using windows services but not luck.
I did not check this windows event viewer.

I am thinking to update to latest version of Splunk.

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

We are excited to announce that the upcoming releases of Splunk Enterprise 10.2.x and Splunk Cloud Platform ...

Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...

After a whole week of being on call, you fell asleep on your keyboard, and you hit a sequence of buttons that ...