Monitoring Splunk
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Why is my splunk daemon crashing?

aarongolub
New Member
‎10-11-2012 04:05 PM

It seems like every other day I attempt to use Splunk and I get the following:

"503 Service Unavailable

Return to Splunk home page

The splunkd daemon cannot be reached by splunkweb. Check that there are no blocked network ports or that splunkd is still running."

I then restart splunkd and I can get back in. I'm pretty new to splunk, so I'm unsure how to troubleshoot this. Is there a log that will help me diagnose this issue? I noticed in the license_audit.log it says the following:

"10-11-2012 00:00:01.015 INFO LicenseManager-Audit - Audit:[quotaExceededCount=0, lastExceedDate=1331794800, peak=213689346, rolloverCount=3, totalCumulativeBytesAtRollover=213689346, todaysBytesIndexed=213689346, licenseSize=524288000][C2e5bdtQOCkMHQNZsE3EhmfY7l5E/F7K7liuBjCy8xR708UOgo1jK3zZxhQsgKDzLV/+eyDh1sfGuWRIhjUqrKouiRVK6YtLX1PosMy4W9L6vankNm60b4pV4YB3hcZ8wD2WPmpm17hxCWqfCKB+rKTSq1XjuFBa7XNpdUHeE1eeEikdIMOeh8obqf1Im//Jajxi6zZ+4OF44Vj29h6PwrMULwVMbE2X3Hgh+w/+nPjxbp1mAPlOsrNIvKG7iCJV30zyiPA4VT2HarE8MdDG546WWkrVGx36hgsPy3WapBp8elLdwiqGFVMxGFTngQOgUBWB7VYHWtxphN/nUE2Lzg==]"

Could this be a simple case of just processing too many logs for my given license?

Running on Ubuntu 10.04 with Splunk 4.3 build 115073, using the free license.

Any help would be greatly appreciated.

AG

aarong@smartshoot.com

Tags (1)
0 Karma
Reply

MuS
SplunkTrust
SplunkTrust
‎10-12-2012 12:27 AM

Hi aarongolub

this message is not the cause for your crash and you are not processing too many logs, yet 😉

Have you installed the S.o.S. app on your Splunk? This app will help you pretty easy to figure out what is causing the crashes or you search index=_internal on your own.

cheers,
MuS

Reply
Get Updates on the Splunk Community!

What the End of Support for Splunk Add-on Builder Means for You

Hello Splunk Community! We want to share an important update regarding the future of the Splunk Add-on Builder ...

Solve, Learn, Repeat: New Puzzle Channel Now Live

Welcome to the Splunk Puzzle PlaygroundIf you are anything like me, you love to solve problems, and what ...

Building Reliable Asset and Identity Frameworks in Splunk ES

 Accurate asset and identity resolution is the backbone of security operations. Without it, alerts are ...