Security
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Moving Splunk to New Server - The WebServer doesn't start

rpearson
Explorer
‎03-23-2021 02:35 PM

I have scoured the forums and checked the web_service.log but I can't seem to be able to figure out what my problem is.  What can I be looking for?

 

Checking prerequisites...
Checking http port [8000]: open
Checking mgmt port [8089]: open
Checking appserver port [127.0.0.1:8065]: open
Checking kvstore port [8191]: open
Checking configuration... Done.
Checking critical directories... Done
Checking indexes...
Validated: _audit _internal _introspection _metrics _metrics_rollup _telemetry _thefishbucket history main nagios nix perfmon summary windows
Done
Checking filesystem compatibility... Done
Checking conf files for problems...
Done
Checking default conf files for edits...
Validating installed files against hashes from '/opt/splunk/splunk-8.1.2-545206cc9f70-linux-2.6-x86_64-manifest'
All installed files intact.
Done
All preliminary checks passed.

Starting splunk server daemon (splunkd)...
Done


Waiting for web server at https://127.0.0.1:8000 to be available..

Labels (1)
Labels
0 Karma
Reply

rpearson
Explorer
‎03-24-2021 12:03 PM

1.  Yes

2.  I copied over my entire splunk directory over to a new server and installed splunk as per the instructions I am trying to turn it on for the new server for the first time.

3.  I did chown the directory.

0 Karma
Reply

Vardhan
Contributor
‎03-24-2021 12:09 PM

Hi @rpearson ,

 

Can you go to /opt/splunk/etc/system/local

Take a backup and remove the inputs.conf & server. conf. After that restart the Splunk and check.

0 Karma
Reply

rpearson
Explorer
‎03-24-2021 12:12 PM

No change after removing those files.

0 Karma
Reply

96nick
Communicator
‎03-24-2021 11:52 AM

A couple questions:

  1. I'm assuming that it's getting stuck at "Waiting for web server at https://127.0.0.1:8000 to be available.." but I don't want to assume. Is that correct?
  2. What were you working on before you (re)started the web server? SSL/TLS? 
  3. What user is running Splunk? (root? splunk?) Have you tried doing a chown -R splunk:splunk {SPLUNK DIR}?
0 Karma
Reply

rpearson
Explorer
‎03-24-2021 12:13 PM

1.  Yes

2.  I copied over my entire splunk directory over to a new server and installed splunk as per the instructions I am trying to turn it on for the new server for the first time.

3.  I did chown the directory.

 

@96nick 

0 Karma
Reply

96nick
Communicator
‎03-24-2021 12:28 PM

Have you checked out Splunkd.log on the new server? I'd grep for ERROR and see if it's telling you anything useful. 

Are the Splunk versions the same old=>new? Things can get funky if you're going from 7.x to 8.x+ with the changes that Splunk put out (namely Python). If so try removing your apps (just move them to your home dir for now) and seeing if Splunk restarts. 

Another thing to check is if something is up with your conf files you copied over in /etc/system/local. You may need to enter in the passwords in plaintext so they can be hashed again by Splunk itself. 

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Event Series: Telemetry Pipeline Management

Balancing Scale and Spend: Gaining Control Over High-Volume Metrics in Splunk Observability Cloud As ...

Kick the Tires Before You Commit: A Hands-On Tour of the Splunk Observability Cloud ...

Evaluating an enterprise observability platform usually goes like this: fill out a form, get a free trial with ...

Deep insights, no barriers: Splunk Observability Cloud Free Edition

As software delivery cycles continue to accelerate, observability shouldn’t be a luxury — it should be a ...