Monitoring Splunk

Why is my splunk daemon crashing?

aarongolub
New Member

It seems like every other day I attempt to use Splunk and I get the following:

"503 Service Unavailable

Return to Splunk home page

The splunkd daemon cannot be reached by splunkweb. Check that there are no blocked network ports or that splunkd is still running."

I then restart splunkd and I can get back in. I'm pretty new to splunk, so I'm unsure how to troubleshoot this. Is there a log that will help me diagnose this issue? I noticed in the license_audit.log it says the following:

"10-11-2012 00:00:01.015 INFO LicenseManager-Audit - Audit:[quotaExceededCount=0, lastExceedDate=1331794800, peak=213689346, rolloverCount=3, totalCumulativeBytesAtRollover=213689346, todaysBytesIndexed=213689346, licenseSize=524288000][C2e5bdtQOCkMHQNZsE3EhmfY7l5E/F7K7liuBjCy8xR708UOgo1jK3zZxhQsgKDzLV/+eyDh1sfGuWRIhjUqrKouiRVK6YtLX1PosMy4W9L6vankNm60b4pV4YB3hcZ8wD2WPmpm17hxCWqfCKB+rKTSq1XjuFBa7XNpdUHeE1eeEikdIMOeh8obqf1Im//Jajxi6zZ+4OF44Vj29h6PwrMULwVMbE2X3Hgh+w/+nPjxbp1mAPlOsrNIvKG7iCJV30zyiPA4VT2HarE8MdDG546WWkrVGx36hgsPy3WapBp8elLdwiqGFVMxGFTngQOgUBWB7VYHWtxphN/nUE2Lzg==]"

Could this be a simple case of just processing too many logs for my given license?

Running on Ubuntu 10.04 with Splunk 4.3 build 115073, using the free license.

Any help would be greatly appreciated.

AG

[email protected]

Tags (1)
0 Karma

MuS
SplunkTrust
SplunkTrust

Hi aarongolub

this message is not the cause for your crash and you are not processing too many logs, yet 😉

Have you installed the S.o.S. app on your Splunk? This app will help you pretty easy to figure out what is causing the crashes or you search index=_internal on your own.

cheers,
MuS

Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Laser Bananas and Edge Hubs: Exploring Operational Technology (OT) Data Through a ...

  OT is a different environment to traditional IT and can have interesting challenges when interfacing the ...

Event Series: Mastering AI Tokenomics and Splunk Agent Observability

Beyond the Black Box: Correlating AI Performance and Tokenomics with Splunk Agent Observability   As ...

span_metrics: The OpenTelemetry-Idiomatic Way to See Inside Your Services

You open a trace in Splunk Observability Cloud and everything looks fine. One root span, order-pipeline, with ...