Monitoring Splunk
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Why is my splunk daemon crashing?

aarongolub
New Member
‎10-11-2012 04:05 PM

It seems like every other day I attempt to use Splunk and I get the following:

"503 Service Unavailable

Return to Splunk home page

The splunkd daemon cannot be reached by splunkweb. Check that there are no blocked network ports or that splunkd is still running."

I then restart splunkd and I can get back in. I'm pretty new to splunk, so I'm unsure how to troubleshoot this. Is there a log that will help me diagnose this issue? I noticed in the license_audit.log it says the following:

"10-11-2012 00:00:01.015 INFO LicenseManager-Audit - Audit:[quotaExceededCount=0, lastExceedDate=1331794800, peak=213689346, rolloverCount=3, totalCumulativeBytesAtRollover=213689346, todaysBytesIndexed=213689346, licenseSize=524288000][C2e5bdtQOCkMHQNZsE3EhmfY7l5E/F7K7liuBjCy8xR708UOgo1jK3zZxhQsgKDzLV/+eyDh1sfGuWRIhjUqrKouiRVK6YtLX1PosMy4W9L6vankNm60b4pV4YB3hcZ8wD2WPmpm17hxCWqfCKB+rKTSq1XjuFBa7XNpdUHeE1eeEikdIMOeh8obqf1Im//Jajxi6zZ+4OF44Vj29h6PwrMULwVMbE2X3Hgh+w/+nPjxbp1mAPlOsrNIvKG7iCJV30zyiPA4VT2HarE8MdDG546WWkrVGx36hgsPy3WapBp8elLdwiqGFVMxGFTngQOgUBWB7VYHWtxphN/nUE2Lzg==]"

Could this be a simple case of just processing too many logs for my given license?

Running on Ubuntu 10.04 with Splunk 4.3 build 115073, using the free license.

Any help would be greatly appreciated.

AG

aarong@smartshoot.com

Tags (1)
0 Karma
Reply

MuS
SplunkTrust
SplunkTrust
‎10-12-2012 12:27 AM

Hi aarongolub

this message is not the cause for your crash and you are not processing too many logs, yet 😉

Have you installed the S.o.S. app on your Splunk? This app will help you pretty easy to figure out what is causing the crashes or you search index=_internal on your own.

cheers,
MuS

Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Observability Simplified: Combining User Experience, Application Performance & ...

Tech Talk Observability Simplified: Combining User Experience, Application Performance & Network ...

Event Series May & June: From Network Visibility to Service Intelligence

Unifying the Network: Moving from Alert Noise to Service Intelligence with Splunk ITSI In today’s hybrid ...

Global Splunk User Group Events: May + June 2026

Your Splunk Community Awaits: Discover Upcoming User Group Events Worldwide    Staying ahead in the fast-paced ...