Why does my Splunk Web interface stop responding a...

jackal713 · ‎09-11-2018

Hello Splunkers,

I seem to be having an issue where the web interface stops responding after a few hours. I then must issue "splunk restart" to bring it back but it stops working again after awhile. It is still indexing during that time. It's just that the web interface will not respond until I restart Splunk.

Thanks in advance. Other info below.

Splunk status when it is not working shows: "Splunkd: Running (pid ###)"

After Splunk restarts, it shows the same thing with a different PID number.

Splunkd is the only thing it lists in either case.

After the restart is complete the the web interface works just fine. For awhile.

OS: Win 10 Pro

jackal713 · ‎09-18-2018

I think I found the issue. We recently updated to Avast Business Pro antivirus. This version has it's own firewall that DID NOT copy existing exceptions from Windows Defender firewall. Creating exceptions in Avast did not resolve the issue. After several posts on the Avast help forum, the easiest (only?) way to fix this is to turn off Avast firewall and revert to Windows Defender firewall.

After doing this, Splunk works as intended until Avast is restarted and automatically re-enables the firewall. To prevent this you must (from the Avast management console) create a new settings template with Avast firewall disabled and apply it to the Splunk server.

Hope this helps others that may run in to this same issue.
Happy Splunking.

Splunk>Your data.

Why does my Splunk Web interface stop responding after a few hours?

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Splunk Community Badges!

How to find the worst searches in your Splunk environment and how to fix them

Share Your Feedback: On Admin Config Service (ACS)!

Join the Conversation