Disclaimer: I'm a Ubuntu and Splunk administration novice.

This is the 4th time I spun up a Splunk Enterprise instance in Azure (see https://azuremarketplace.microsoft.com/en-us/marketplace/apps/splunk.splunk-enterprise). The 3 most recent times worked great the first time I used them but if I shut down the instance (to save $) and restart it a subsequent day, I cannot reach the web interface. The browser responds with "ERR_CONNECTION_REFUSED".

I can SSH into the machine just fine, but I do not see a Splunk service running using service --status-all. Not sure if I should. If I try ./splunk restart I get "ERROR: Couldn't determine $SPLUNK_HOME or $SPLUNK_ETC; perhaps one should be set in environment" which makes me suspect I'm not trying to restart under the correct account.

Any ideas on how to troubleshoot this instance, restart Splunk, and/or find out what's wrong with this Azure image would be appreciated.