Security
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Splunk web not loading unless specify port 8000, now going down all together

tristanmatthews
Path Finder
‎11-23-2013 06:07 PM

So I'm very much not an export on these things, but I think something has gone horribly wrong with my ports....

about a week ago my splunk we stopped loading unless I explicitly specified the port in the URL like

http://myurl.com:8000/en-US/manager/search

I'm not periodically having splunk web go down all together and getting:

503 Service Unavailable

Return to Splunk home page

The splunkd daemon cannot be reached by splunkweb. Check that there are no blocked network ports or that splunkd is still running.

When I check what ports are being used (with netstat -a) I see none of the normal localhost:8089 lines. I can restart Splunk and have it come back up fine (well using port 8000...) but it will go down again seemingly randomly.

Any help (or where to start looking / googling) would be great.

Thanks

Tags (2)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

yannK
Splunk Employee
Splunk Employee
‎11-23-2013 08:52 PM

Install the SOS app and look at the warnings for the splunkd/web response time dashboard.
When splunkd response goes above the 30sec, the splunkweb will throw a timeout. Look when it happens and find the pattern.

To reduce the load test :

  • disable useless apps with extra load (deployment monitor, ...)
  • disable costly scripted inputs
  • disable scheduled searches
  • disable report acceleration

View solution in original post

Reply
Solved! Jump to solution

dstaulcu
Builder
‎04-22-2015 05:12 AM

Check the domain controllers used to process authentication requests.

In our case, the ldap strategy applicable to users experiencing this problem at logon specified the dns name of the authenticating domain. Splunk does an "A" record type DNS query for servers associated with the specified domain and sometimes picks a server in list which is in a far off, bandwidth challenged, branch office. In those cases, the authentication process does not complete before splunk web times out and interprets the delay as an error. We will likely create another DNS alias whose hosts are constrained to a pool of domain controllers nearest to our search heads, and reference that alias instead within our ldap strategies.

0 Karma
Reply
Solved! Jump to solution
Solution

yannK
Splunk Employee
Splunk Employee
‎11-23-2013 08:52 PM

Install the SOS app and look at the warnings for the splunkd/web response time dashboard.
When splunkd response goes above the 30sec, the splunkweb will throw a timeout. Look when it happens and find the pattern.

To reduce the load test :

  • disable useless apps with extra load (deployment monitor, ...)
  • disable costly scripted inputs
  • disable scheduled searches
  • disable report acceleration
Reply
Solved! Jump to solution

tristanmatthews
Path Finder
‎11-24-2013 08:14 PM

So I'm still not sure whats wrong with my splunk system, but your right my response times keep going well above 30 seconds, and this got me pointed in the right direction.

0 Karma
Reply
Get Updates on the Splunk Community!

Monitoring Amazon Elastic Kubernetes Service (EKS)

As we’ve seen, integrating Kubernetes environments with Splunk Observability Cloud is a quick and easy way to ...

Cloud Platform & Enterprise: Classic Dashboard Export Feature Deprecation

As of Splunk Cloud Platform 9.3.2408 and Splunk Enterprise 9.4, classic dashboard export features are now ...

Explore the Latest Educational Offerings from Splunk (November Releases)

At Splunk Education, we are committed to providing a robust learning experience for all users, regardless of ...