Hello everyone
Splunk recently encountered problems. I tried to restart the service and restart, but it cannot be resolved.
The login process is lengthy, and finally the icon in the attachment is ejected to solve the
PS: I tried querying the relevant KB and documentation. The error messages are as follows:
/opt/splunk/var/log/splunk/web_access.log
127.0.0.1 - - [10/Jan/2019:21:53:59.855 +0800] "GET /zh-TW/ HTTP/1.1" 500 3056 "http://172.16.1.208:8000/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36" - 5c374e77db7fa12c702790 60094ms
127.0.0.1 - - [10/Jan/2019:21:57:47.243 +0800] "HEAD /favicon.ico HTTP/1.1" 303 124 "" "Splunk/7.0.1 (Linux 3.10.0-693.5.2.el7.x86_64; arch=x86_64)" - 5c374f5b3e7fe75d3e72d0 8ms
127.0.0.1 - - [10/Jan/2019:21:59:56.520 +0800] "GET /zh-TW/ HTTP/1.1" 303 124 "" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36" - 5c374fdc857fe75d3e7710 30107ms
127.0.0.1 - - [10/Jan/2019:22:00:26.808 +0800] "GET /zh-TW/config?autoload=1 HTTP/1.1" 200 304 "http://172.16.1.208/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36" - 5c374fface7fe75d3e76d0 30037ms
127.0.0.1 - - [11/Jan/2019:09:09:05.106 +0800] "GET /zh-TW/config?autoload=1 HTTP/1.1" 200 304 "http://172.16.1.208/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0.2 Safari/605.1.15" - 5c37ecb11b7fe75d3e7750 30038ms
127.0.0.1 - - [11/Jan/2019:09:16:01.155 +0800] "GET /zh-TW/ HTTP/1.1" 303 124 "" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36" - 5c37ee51277fe75d3e72d0 30039ms
127.0.0.1 - - [11/Jan/2019:09:16:31.381 +0800] "GET /zh-TW/config?autoload=1 HTTP/1.1" 200 304 "http://172.16.1.208/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36" - 5c37ee6f617fe75d3e7910 30045ms
127.0.0.1 - - [11/Jan/2019:09:18:53.460 +0800] "GET /zh-TW/ HTTP/1.1" 500 3041 "http://172.16.1.208/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36" - 5c37eefd757fe75d3e7910 60093ms
127.0.0.1 - - [11/Jan/2019:09:22:41.738 +0800] "GET /zh-TW/ HTTP/1.1" 500 2949 "" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36" - 5c37efe1bd7fe74c7d0c10 60072ms
/opt/splunk/var/log/splunk/web_service.log
2019-01-10 21:52:37,053 INFO [5c374e058b7fa12e562990] root:130 - ENGINE: Bus STARTING
2019-01-10 21:52:37,078 INFO [5c374e058b7fa12e562990] root:130 - ENGINE: Started monitor thread 'TimeoutMonitor'.
2019-01-10 21:52:37,186 INFO [5c374e058b7fa12e562990] root:130 - ENGINE: Serving on 127.0.0.1:8065
2019-01-10 21:52:37,188 INFO [5c374e058b7fa12e562990] root:130 - ENGINE: Bus STARTED
2019-01-10 21:52:37,289 INFO [5c374e25487fa12c7023d0] root:130 - ENGINE: Started monitor thread 'Monitor'.
2019-01-10 21:54:59,952 INFO [5c374e058b7fa12e562990] root:130 - ENGINE: Caught signal SIGTERM.
2019-01-10 21:54:59,953 INFO [5c374e058b7fa12e562990] root:130 - ENGINE: Bus STOPPING
2019-01-10 21:57:15,463 INFO [5c374f3b517fe75f247990] __init__:171 - Using default logging config file: /opt/splunk/etc/log.cfg
2019-01-10 21:57:15,464 INFO [5c374f3b517fe75f247990] __init__:209 - Setting logger=splunk level=INFO
2019-01-10 21:57:15,465 INFO [5c374f3b517fe75f247990] __init__:209 - Setting logger=splunk.appserver level=INFO
2019-01-10 21:57:15,465 INFO [5c374f3b517fe75f247990] __init__:209 - Setting logger=splunk.appserver.controllers level=INFO
2019-01-10 21:57:15,465 INFO [5c374f3b517fe75f247990] __init__:209 - Setting logger=splunk.appserver.controllers.proxy level=INFO
2019-01-10 21:57:15,465 INFO [5c374f3b517fe75f247990] __init__:209 - Setting logger=splunk.appserver.lib level=WARN
2019-01-10 21:57:15,465 INFO [5c374f3b517fe75f247990] __init__:209 - Setting logger=splunk.pdfgen level=INFO
2019-01-10 21:57:16,508 INFO [5c374f3b517fe75f247990] lists:59 - List controller loaded: EntitiesListGenerator
2019-01-10 21:57:16,508 INFO [5c374f3b517fe75f247990] lists:65 - Setting lists/entities
2019-01-10 21:57:16,508 INFO [5c374f3b517fe75f247990] lists:59 - List controller loaded: JobsListGenerator
2019-01-10 21:57:16,509 INFO [5c374f3b517fe75f247990] lists:65 - Setting lists/jobs
2019-01-10 21:57:16,520 INFO [5c374f3b517fe75f247990] root:267 - Proxied mode ip_address=127.0.0.1 port=8065 exposed_port=80:
2019-01-10 21:57:16,721 INFO [5c374f3b517fe75f247990] custom:211 - Registering custom app endpoint: splunk_instrumentation/instrumentation_controller
2019-01-10 21:57:16,888 INFO [5c374f3b517fe75f247990] custom:211 - Registering custom app endpoint: Splunk_TA_windows/tawindowssetup
2019-01-10 21:57:16,889 INFO [5c374f3b517fe75f247990] root:545 - overriding JSON MIME type with 'text/plain; charset=UTF-8'
2019-01-10 21:57:46,934 INFO [5c374f3b517fe75f247990] root:580 - splunkdConnectionTimeout=30
2019-01-10 21:57:46,935 INFO [5c374f3b517fe75f247990] root:130 - ENGINE: Listening for SIGUSR1.
2019-01-10 21:57:46,936 INFO [5c374f3b517fe75f247990] root:130 - ENGINE: Listening for SIGTERM.
2019-01-10 21:57:46,936 INFO [5c374f3b517fe75f247990] root:130 - ENGINE: Listening for SIGHUP.
2019-01-10 21:57:46,937 INFO [5c374f3b517fe75f247990] root:653 - CONFIG: DISPATCH_TIME_FORMAT (str): %s.%Q
2019-01-10 21:57:46,937 INFO [5c374f3b517fe75f247990] root:653 - CONFIG: SSOMode (str): strict
2019-01-10 21:57:46,937 INFO [5c374f3b517fe75f247990] root:653 - CONFIG: acceptFrom (str): *
2019-01-10 21:57:46,937 INFO [5c374f3b517fe75f247990] root:653 - CONFIG: activeLicenseGroup (NoneType): None
2019-01-10 21:57:46,937 INFO [5c374f3b517fe75f247990] root:653 - CONFIG: activeLicenseSubgroup (str): UNKNOWN_LICENSE_SUBGROUP
2019-01-10 21:57:46,938 INFO [5c374f3b517fe75f247990] root:653 - CONFIG: addOns (dict): {}
2019-01-10 21:57:46,938 INFO [5c374f3b517fe75f247990] root:653 - CONFIG: allowSslCompression (bool): False
2019-01-10 21:57:46,938 INFO [5c374f3b517fe75f247990] root:653 - CONFIG: allowSslRenegotiation (bool): True
2019-01-10 21:57:46,938 INFO [5c374f3b517fe75f247990] root:653 - CONFIG: allowSsoWithoutChangingServerConf (int): 0
2019-01-10 21:57:46,939 INFO [5c374f3b517fe75f247990] root:653 - CONFIG: allowableTemplatePaths (str):
2019-01-10 21:57:46,939 INFO [5c374f3b517fe75f247990] root:653 - CONFIG: appNavReportsLimit (int): 500
2019-01-10 21:57:46,939 INFO [5c374f3b517fe75f247990] root:653 - CONFIG: appServerPorts (int): 8065
2019-01-10 21:57:46,939 INFO [5c374f3b517fe75f247990] root:653 - CONFIG: build_number (str): 000
2019-01-10 21:57:46,939 INFO [5c374f3b517fe75f247990] root:653 - CONFIG: busyKeepAliveIdleTimeout (int): 12
2019-01-10 21:57:46,940 INFO [5c374f3b517fe75f247990] root:653 - CONFIG: cacheBytesLimit (int): 4194304
2019-01-10 21:57:46,940 INFO [5c374f3b517fe75f247990] root:653 - CONFIG: cacheEntriesLimit (int): 16384
2019-01-10 21:57:46,940 INFO [5c374f3b517fe75f247990] root:653 - CONFIG: choropleth_shape_limit (int): 10000
2019-01-10 21:57:46,940 INFO [5c374f3b517fe75f247990] root:653 - CONFIG: cipherSuite (str): ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
2019-01-10 21:57:46,940 INFO [5c374f3b517fe75f247990] root:653 - CONFIG: cpu_arch (str): UNKNOWN_CPU_ARCH
2019-01-10 21:57:46,941 INFO [5c374f3b517fe75f247990] root:653 - CONFIG: crossOriginSharingPolicy (str):
2019-01-10 21:57:46,941 INFO [5c374f3b517fe75f247990] root:653 - CONFIG: customFavicon (str):
2019-01-10 21:57:46,941 INFO [5c374f3b517fe75f247990] root:653 - CONFIG: dashboard_html_allow_inline_styles (bool): True
2019-01-10 21:57:46,941 INFO [5c374f3b517fe75f247990] root:653 - CONFIG: dedicatedIoThreads (int): 0
2019-01-10 21:57:46,941 INFO [5c374f3b517fe75f247990] root:653 - CONFIG: docsCheckerBaseURL (str): https://quickdraw.splunk.com/help
2019-01-10 21:57:46,942 INFO [5c374f3b517fe75f247990] root:653 - CONFIG: ecdhCurves (str): prime256v1, secp384r1, secp521r1
2019-01-10 21:57:46,942 INFO [5c374f3b517fe75f247990] root:653 - CONFIG: embed_footer (str): splunk>
2019-01-10 21:57:46,942 INFO [5c374f3b517fe75f247990] root:653 - CONFIG: embed_uri (str):
2019-01-10 21:57:46,942 INFO [5c374f3b517fe75f247990] root:653 - CONFIG: enableSplunkWebClientNetloc (bool): False
2019-01-10 21:57:46,943 INFO [5c374f3b517fe75f247990] root:653 - CONFIG: enableSplunkWebSSL (bool): False
2019-01-10 21:57:46,943 INFO [5c374f3b517fe75f247990] root:653 - CONFIG: enableWebDebug (bool): False
2019-01-10 21:57:46,943 INFO [5c374f3b517fe75f247990] root:653 - CONFIG: enable_autocomplete_login (bool): False
2019-01-10 21:57:46,943 INFO [5c374f3b517fe75f247990] root:653 - CONFIG: enable_gzip (bool): True
2019-01-10 21:57:46,943 INFO [5c374f3b517fe75f247990] root:653 - CONFIG: enable_insecure_login (bool): False
2019-01-10 21:57:46,944 INFO [5c374f3b517fe75f247990] root:653 - CONFIG: enable_pivot_adhoc_acceleration (bool): True
2019-01-10 21:57:46,944 INFO [5c374f3b517fe75f247990] root:653 - CONFIG: enable_proxy_write (bool): True
2019-01-10 21:57:46,944 INFO [5c374f3b517fe75f247990] root:653 - CONFIG: enable_risky_command_check (bool): True
2019-01-10 21:57:46,944 INFO [5c374f3b517fe75f247990] root:653 - CONFIG: enabled_decomposers (str): plot
2019-01-10 21:57:46,944 INFO [5c374f3b517fe75f247990] root:653 - CONFIG: engine.autoreload_on (bool): False
2019-01-10 21:57:46,945 INFO [5c374f3b517fe75f247990] root:653 - CONFIG: error_page.default (instancemethod):
error.ErrorController object at 0x7fe75e683d10>>
2019-01-10 21:57:46,945 INFO [5c374f3b517fe75f247990] root:653 - CONFIG: etc_path (str): /opt/splunk/etc
2019-01-10 21:57:46,945 INFO [5c374f3b517fe75f247990] root:653 - CONFIG: flash_major_version (int): 9
2019-01-10 21:57:46,945 INFO [5c374f3b517fe75f247990] root:653 - CONFIG: flash_minor_version (int): 0
2019-01-10 21:57:46,946 INFO [5c374f3b517fe75f247990] root:653 - CONFIG: flash_revision_version (int): 124
2019-01-10 21:57:46,946 INFO [5c374f3b517fe75f247990] root:653 - CONFIG: forceHttp10 (str): auto
2019-01-10 21:57:46,946 INFO [5c374f3b517fe75f247990] root:653 - CONFIG: guid (NoneType): None
2019-01-10 21:57:46,946 INFO [5c374f3b517fe75f247990] root:653 - CONFIG: httpport (int): 8065
2019-01-10 21:57:46,946 INFO [5c374f3b517fe75f247990] root:653 - CONFIG: install_type (str): UNKNOWN_INSTALL_TYPE
2019-01-10 21:57:46,947 INFO [5c374f3b517fe75f247990] root:653 - CONFIG: instance_type (str): splunk
2019-01-10 21:57:46,947 INFO [5c374f3b517fe75f247990] root:653 - CONFIG: is_forwarder_license (bool): False
2019-01-10 21:57:46,947 INFO [5c374f3b517fe75f247990] root:653 - CONFIG: is_free_license (bool): False
2019-01-10 21:57:46,947 INFO [5c374f3b517fe75f247990] root:653 - CONFIG: is_proxied (bool): True
2019-01-10 21:57:46,947 INFO [5c374f3b517fe75f247990] root:653 - CONFIG: is_trial_license (bool): True
2019-01-10 21:57:46,948 INFO [5c374f3b517fe75f247990] root:653 - CONFIG: job_max_polling_interval (int): 1000
2019-01-10 21:57:46,948 INFO [5c374f3b517fe75f247990] root:653 - CONFIG: job_min_polling_interval (int): 100
2019-01-10 21:57:46,948 INFO [5c374f3b517fe75f247990] root:653 - CONFIG: js_logger_mode (str): None
2019-01-10 21:57:46,948 INFO [5c374f3b517fe75f247990] root:653 - CONFIG: js_logger_mode_server_end_point (str): util/log/js
2019-01-10 21:57:46,949 INFO [5c374f3b517fe75f247990] root:653 - CONFIG: js_logger_mode_server_max_buffer (int): 100
2019-01-10 21:57:46,949 INFO [5c374f3b517fe75f247990] root:653 - CONFIG: js_logger_mode_server_poll_buffer (int): 1000
2019-01-10 21:57:46,949 INFO [5c374f3b517fe75f247990] root:653 - CONFIG: jschart_results_limit (int): 10000
2019-01-10 21:57:46,949 INFO [5c374f3b517fe75f247990] root:653 - CONFIG: jschart_series_limit (int): 100
2019-01-10 21:57:46,949 INFO [5c374f3b517fe75f247990] root:653 - CONFIG: jschart_test_mode (bool): False
2019-01-10 21:57:46,950 INFO [5c374f3b517fe75f247990] root:653 - CONFIG: jschart_truncation_limit.chrome (int): 50000
2019-01-10 21:57:46,950 INFO [5c374f3b517fe75f247990] root:653 - CONFIG: jschart_truncation_limit.firefox (int): 50000
2019-01-10 21:57:46,950 INFO [5c374f3b517fe75f247990] root:653 - CONFIG: jschart_truncation_limit.ie11 (int): 50000
2019-01-10 21:57:46,950 INFO [5c374f3b517fe75f247990] root:653 - CONFIG: jschart_truncation_limit.safari (int): 50000
2019-01-10 21:57:46,950 INFO [5c374f3b517fe75f247990] root:653 - CONFIG: keepAliveIdleTimeout (int): 7200
2019-01-10 21:57:46,951 INFO [5c374f3b517fe75f247990] root:653 - CONFIG: license_desc (str): UNKNOWN_LICENSE_DESCRIPTION
2019-01-10 21:57:46,951 INFO [5c374f3b517fe75f247990] root:653 - CONFIG: license_labels (list): []
2019-01-10 21:57:46,951 INFO [5c374f3b517fe75f247990] root:653 - CONFIG: license_state (str): OK
2019-01-10 21:57:46,951 INFO [5c374f3b517fe75f247990] root:653 - CONFIG: listenOnIPv6 (bool): False
2019-01-10 21:57:46,951 INFO [5c374f3b517fe75f247990] root:653 - CONFIG: log.access_maxfiles (int): 5
2019-01-10 21:57:46,952 INFO [5c374f3b517fe75f247990] root:653 - CONFIG: log.access_maxsize (int): 25000000
2019-01-10 21:57:46,952 INFO [5c374f3b517fe75f247990] root:653 - CONFIG: log.error_maxfiles (int): 5
2019-01-10 21:57:46,952 INFO [5c374f3b517fe75f247990] root:653 - CONFIG: log.error_maxsize (int): 25000000
2019-01-10 21:57:46,952 INFO [5c374f3b517fe75f247990] root:653 - CONFIG: log.screen (bool): True
2019-01-10 21:57:46,952 INFO [5c374f3b517fe75f247990] root:653 - CONFIG: loginBackgroundImageOption (str): default
2019-01-10 21:57:46,953 INFO [5c374f3b517fe75f247990] root:653 - CONFIG: loginCustomBackgroundImage (str):
2019-01-10 21:57:46,953 INFO [5c374f3b517fe75f247990] root:653 - CONFIG: loginCustomLogo (str):
2019-01-10 21:57:46,953 INFO [5c374f3b517fe75f247990] root:653 - CONFIG: loginDocumentTitleOption (str): default
2019-01-10 21:57:46,953 INFO [5c374f3b517fe75f247990] root:653 - CONFIG: loginDocumentTitleText (str):
2019-01-10 21:57:46,953 INFO [5c374f3b517fe75f247990] root:653 - CONFIG: loginFooterOption (str): default
2019-01-10 21:57:46,954 INFO [5c374f3b517fe75f247990] root:653 - CONFIG: loginFooterText (str):
2019-01-10 21:57:46,954 INFO [5c374f3b517fe75f247990] root:653 - CONFIG: loginPasswordHint (str): changeme
2019-01-10 21:57:46,954 INFO [5c374f3b517fe75f247990] root:653 - CONFIG: login_content (str):
2019-01-10 21:57:46,954 INFO [5c374f3b517fe75f247990] root:653 - CONFIG: mako_cache_path (str): /opt/splunk/var/run/splunk/mako_cache
2019-01-10 21:57:46,955 INFO [5c374f3b517fe75f247990] root:653 - CONFIG: master_guid (NoneType): None
2019-01-10 21:57:46,955 INFO [5c374f3b517fe75f247990] root:653 - CONFIG: maxSockets (int): 0
2019-01-10 21:57:46,955 INFO [5c374f3b517fe75f247990] root:653 - CONFIG: maxThreads (int): 0
2019-01-10 21:57:46,955 INFO [5c374f3b517fe75f247990] root:653 - CONFIG: max_view_cache_size (int): 1000
2019-01-10 21:57:46,955 INFO [5c374f3b517fe75f247990] root:653 - CONFIG: mgmtHostPort (str): 127.0.0.1:8089
2019-01-10 21:57:46,956 INFO [5c374f3b517fe75f247990] root:653 - CONFIG: minify_css (bool): True
2019-01-10 21:57:46,956 INFO [5c374f3b517fe75f247990] root:653 - CONFIG: minify_js (bool): True
2019-01-10 21:57:46,956 INFO [5c374f3b517fe75f247990] root:653 - CONFIG: module_dir (str): share/splunk/search_mrsparkle/modules
2019-01-10 21:57:46,957 INFO [5c374f3b517fe75f247990] root:653 - CONFIG: mrsparkle_path (str): /opt/splunk/share/search/mrsparkle
2019-01-10 21:57:46,957 INFO [5c374f3b517fe75f247990] root:653 - CONFIG: os_name (str): UNKNOWN_OS_NAME
2019-01-10 21:57:46,957 INFO [5c374f3b517fe75f247990] root:653 - CONFIG: override_JSON_MIME_type_with_text_plain (bool): True
2019-01-10 21:57:46,958 INFO [5c374f3b517fe75f247990] root:653 - CONFIG: pdfgen_is_available (int): 1
2019-01-10 21:57:46,958 INFO [5c374f3b517fe75f247990] root:653 - CONFIG: pivot_adhoc_acceleration_mode (str): Elastic
2019-01-10 21:57:46,958 INFO [5c374f3b517fe75f247990] root:653 - CONFIG: privKeyPath (str): $SPLUNK_HOME/etc/auth/splunkweb/privkey.pem
2019-01-10 21:57:46,958 INFO [5c374f3b517fe75f247990] root:653 - CONFIG: productMenuLabel (str): My Splunk
2019-01-10 21:57:46,959 INFO [5c374f3b517fe75f247990] root:653 - CONFIG: productMenuUriPrefix (str): https://splunkcommunities.force.com
2019-01-10 21:57:46,959 INFO [5c374f3b517fe75f247990] root:653 - CONFIG: product_type (str): splunk
2019-01-10 21:57:46,959 INFO [5c374f3b517fe75f247990] root:653 - CONFIG: remoteGroupsMatchExact (int): 0
2019-01-10 21:57:46,959 INFO [5c374f3b517fe75f247990] root:653 - CONFIG: remoteGroupsQuoted (bool): False
2019-01-10 21:57:46,960 INFO [5c374f3b517fe75f247990] root:653 - CONFIG: remoteUser (str): REMOTE-USER
2019-01-10 21:57:46,960 INFO [5c374f3b517fe75f247990] root:653 - CONFIG: remoteUserMatchExact (int): 0
2019-01-10 21:57:46,960 INFO [5c374f3b517fe75f247990] root:653 - CONFIG: request.show_tracebacks (bool): False
2019-01-10 21:57:46,960 INFO [5c374f3b517fe75f247990] root:653 - CONFIG: response.timeout (int): 7200
2019-01-10 21:57:46,960 INFO [5c374f3b517fe75f247990] root:653 - CONFIG: root_endpoint (str): /
2019-01-10 21:57:46,961 INFO [5c374f3b517fe75f247990] root:653 - CONFIG: rss_endpoint (str): /rss
2019-01-10 21:57:46,961 INFO [5c374f3b517fe75f247990] root:653 - CONFIG: sendStrictTransportSecurityHeader (bool): False
2019-01-10 21:57:46,961 INFO [5c374f3b517fe75f247990] root:653 - CONFIG: server.max_request_body_size (int): 524288000
2019-01-10 21:57:46,961 INFO [5c374f3b517fe75f247990] root:653 - CONFIG: server.socket_host (str): 127.0.0.1
2019-01-10 21:57:46,962 INFO [5c374f3b517fe75f247990] root:653 - CONFIG: server.socket_port (int): 8065
2019-01-10 21:57:46,962 INFO [5c374f3b517fe75f247990] root:653 - CONFIG: serverCert (str): $SPLUNK_HOME/etc/auth/splunkweb/cert.pem
2019-01-10 21:57:46,962 INFO [5c374f3b517fe75f247990] root:653 - CONFIG: serverName (str):
2019-01-10 21:57:46,962 INFO [5c374f3b517fe75f247990] root:653 - CONFIG: server_pooling_storage (str):
2019-01-10 21:57:46,962 INFO [5c374f3b517fe75f247990] root:653 - CONFIG: showProductMenu (bool): False
2019-01-10 21:57:46,963 INFO [5c374f3b517fe75f247990] root:653 - CONFIG: showUserMenuProfile (bool): False
2019-01-10 21:57:46,963 INFO [5c374f3b517fe75f247990] root:653 - CONFIG: simple_error_page (bool): False
2019-01-10 21:57:46,963 INFO [5c374f3b517fe75f247990] root:653 - CONFIG: site_packages_path (str): /opt/splunk/lib/python2.7/site-packages
2019-01-10 21:57:46,963 INFO [5c374f3b517fe75f247990] root:653 - CONFIG: splunkdConnectionTimeout (int): 30
2019-01-10 21:57:46,964 INFO [5c374f3b517fe75f247990] root:653 - CONFIG: splunkdTrustedIP (NoneType): None
2019-01-10 21:57:46,964 INFO [5c374f3b517fe75f247990] root:653 - CONFIG: sslVersions (str): tls1.2
2019-01-10 21:57:46,964 INFO [5c374f3b517fe75f247990] root:653 - CONFIG: start_time (float): 1547128666.93
2019-01-10 21:57:46,964 INFO [5c374f3b517fe75f247990] root:653 - CONFIG: startwebserver (int): 1
2019-01-10 21:57:46,964 INFO [5c374f3b517fe75f247990] root:653 - CONFIG: staticAssetId (str): 000
2019-01-10 21:57:46,965 INFO [5c374f3b517fe75f247990] root:653 - CONFIG: staticCompressionLevel (int): 9
2019-01-10 21:57:46,965 INFO [5c374f3b517fe75f247990] root:653 - CONFIG: static_dir (str): share/splunk/search_mrsparkle/exposed
2019-01-10 21:57:46,965 INFO [5c374f3b517fe75f247990] root:653 - CONFIG: static_endpoint (str): /static
2019-01-10 21:57:46,965 INFO [5c374f3b517fe75f247990] root:653 - CONFIG: staticdir (str): /opt/splunk/share/splunk/search_mrsparkle/exposed
2019-01-10 21:57:46,966 INFO [5c374f3b517fe75f247990] root:653 - CONFIG: template_dir (str): share/splunk/search_mrsparkle/templates
2019-01-10 21:57:46,966 INFO [5c374f3b517fe75f247990] root:653 - CONFIG: testing_dir (str): share/splunk/testing
2019-01-10 21:57:46,966 INFO [5c374f3b517fe75f247990] root:653 - CONFIG: testing_endpoint (str): /testing
2019-01-10 21:57:46,966 INFO [5c374f3b517fe75f247990] root:653 - CONFIG: tools.csrfcookie.name (str): splunkweb_csrf_token_80
2019-01-10 21:57:46,966 INFO [5c374f3b517fe75f247990] root:653 - CONFIG: tools.csrfcookie.port (str): 80
2019-01-10 21:57:46,967 INFO [5c374f3b517fe75f247990] root:653 - CONFIG: tools.decode.on (bool): True
2019-01-10 21:57:46,967 INFO [5c374f3b517fe75f247990] root:653 - CONFIG: tools.encode.encoding (str): utf-8
2019-01-10 21:57:46,967 INFO [5c374f3b517fe75f247990] root:653 - CONFIG: tools.encode.on (bool): True
2019-01-10 21:57:46,967 INFO [5c374f3b517fe75f247990] root:653 - CONFIG: tools.hook_injection_tool.on (bool): True
2019-01-10 21:57:46,968 INFO [5c374f3b517fe75f247990] root:653 - CONFIG: tools.log_headers.on (bool): True
2019-01-10 21:57:46,968 INFO [5c374f3b517fe75f247990] root:653 - CONFIG: tools.log_tracebacks.on (bool): True
2019-01-10 21:57:46,968 INFO [5c374f3b517fe75f247990] root:653 - CONFIG: tools.response_headers.headers (list): [('Server', 'Splunk')]
2019-01-10 21:57:46,968 INFO [5c374f3b517fe75f247990] root:653 - CONFIG: tools.response_headers.on (bool): True
2019-01-10 21:57:46,968 INFO [5c374f3b517fe75f247990] root:653 - CONFIG: tools.sessions.forceSecure (bool): False
2019-01-10 21:57:46,969 INFO [5c374f3b517fe75f247990] root:653 - CONFIG: tools.sessions.httponly (bool): True
2019-01-10 21:57:46,969 INFO [5c374f3b517fe75f247990] root:653 - CONFIG: tools.sessions.name (str): session_id_80
2019-01-10 21:57:46,969 INFO [5c374f3b517fe75f247990] root:653 - CONFIG: tools.sessions.on (bool): True
2019-01-10 21:57:46,969 INFO [5c374f3b517fe75f247990] root:653 - CONFIG: tools.sessions.restart_persist (bool): True
2019-01-10 21:57:46,970 INFO [5c374f3b517fe75f247990] root:653 - CONFIG: tools.sessions.secure (bool): False
2019-01-10 21:57:46,970 INFO [5c374f3b517fe75f247990] root:653 - CONFIG: tools.sessions.storage_path (str): /opt/splunk/var/run/splunk
2019-01-10 21:57:46,970 INFO [5c374f3b517fe75f247990] root:653 - CONFIG: tools.sessions.storage_type (str): file
2019-01-10 21:57:46,970 INFO [5c374f3b517fe75f247990] root:653 - CONFIG: tools.sessions.timeout (int): 60
2019-01-10 21:57:46,970 INFO [5c374f3b517fe75f247990] root:653 - CONFIG: tools.trailing_slash.on (bool): True
2019-01-10 21:57:46,971 INFO [5c374f3b517fe75f247990] root:653 - CONFIG: trap_module_exceptions (bool): True
2019-01-10 21:57:46,971 INFO [5c374f3b517fe75f247990] root:653 - CONFIG: trustedIP (str): 127.0.0.1
2019-01-10 21:57:46,971 INFO [5c374f3b517fe75f247990] root:653 - CONFIG: ui_inactivity_timeout (int): 60
2019-01-10 21:57:46,971 INFO [5c374f3b517fe75f247990] root:653 - CONFIG: updateCheckerBaseURL (str): https://quickdraw.splunk.com/js/
2019-01-10 21:57:46,972 INFO [5c374f3b517fe75f247990] root:653 - CONFIG: use_future_expires (bool): True
2019-01-10 21:57:46,972 INFO [5c374f3b517fe75f247990] root:653 - CONFIG: userRegistrationURL (str): https://www.splunk.com/page/sign_up
2019-01-10 21:57:46,972 INFO [5c374f3b517fe75f247990] root:653 - CONFIG: verifyCookiesWorkDuringLogin (bool): True
2019-01-10 21:57:46,972 INFO [5c374f3b517fe75f247990] root:653 - CONFIG: version_label (str): UNKNOWN_VERSION
2019-01-10 21:57:46,973 INFO [5c374f3b517fe75f247990] root:653 - CONFIG: version_number (str): 4.0
2019-01-10 21:57:46,973 INFO [5c374f3b517fe75f247990] root:653 - CONFIG: x_frame_options_sameorigin (bool): True
2019-01-10 21:57:46,974 INFO [5c374f3b517fe75f247990] root:720 - DJANGO: configuring...
2019-01-10 21:57:47,041 ERROR [5c374f3b517fe75f247990] root:662 - DJANGO: There was an error starting:
2019-01-10 21:57:47,042 ERROR [5c374f3b517fe75f247990] root:663 - The SECRET_KEY setting must not be empty.
Traceback (most recent call last):
File "/opt/splunk/lib/python2.7/site-packages/splunk/appserver/mrsparkle/root.py", line 660, in run
configure_django(global_cfg)
File "/opt/splunk/lib/python2.7/site-packages/splunk/appserver/mrsparkle/root.py", line 737, in configure_django
if should_start_django() or FORCE_ENABLE_DJANGO:
File "/opt/splunk/lib/python2.7/site-packages/splunk/appserver/mrsparkle/root.py", line 770, in should_start_django
return len(settings.DISCOVERED_APPS) > 0 and not isLite()
File "/opt/splunk/lib/python2.7/site-packages/django/conf/
self.setup(name)
File "/opt/splunk/lib/python2.7/site-packages/django/conf/__init__.py", line 48, in _setup
self._wrapped = Settings(settings_module)
File "/opt/splunk/lib/python2.7/site-packages/django/conf/__init__.py", line 152, in __init__
raise ImproperlyConfigured("The SECRET_KEY setting must not be empty.")
ImproperlyConfigured: The SECRET_KEY setting must not be empty.
2019-01-10 21:57:47,044 INFO [5c374f3b517fe75f247990] root:130 - ENGINE: Bus STARTING
2019-01-10 21:57:47,067 INFO [5c374f3b517fe75f247990] root:130 - ENGINE: Started monitor thread '_TimeoutMonitor'.
2019-01-10 21:57:47,175 INFO [5c374f3b517fe75f247990] root:130 - ENGINE: Serving on 127.0.0.1:8065
2019-01-10 21:57:47,176 INFO [5c374f3b517fe75f247990] root:130 - ENGINE: Bus STARTED
2019-01-10 21:57:47,250 INFO [5c374f5b3e7fe75d3e72d0] root:130 - ENGINE: Started monitor thread 'Monitor'.
/opt/splunk/var/log/splunk/splunkd.log
01-11-2019 05:45:01.216 +0800 ERROR SearchParser - The name '| eval AlertName = "Disk % Free Critical" | eval Severity="Critical" | eval Details = "Average free disk space value has been in a critical state for 15 minutes or more." | collect' is invalid. Macro and argument names may only include alphanumerics, '' and '-'.
01-11-2019 06:00:01.293 +0800 ERROR SearchParser - The name '| eval AlertName = "Disk % Free Critical" | eval Severity="Critical" | eval Details = "Average free disk space value has been in a critical state for 15 minutes or more." | collect' is invalid. Macro and argument names may only include alphanumerics, '' and '-'.
01-11-2019 06:10:23.466 +0800 INFO IndexWriter - Creating hot bucket=hot_v1_704, idx=perfmon, event timestamp=1547158222, reason="suitable bucket not found, number of hot buckets=1, max=3; closest bucket localid=703, earliest=1547128310, latest=1547158220"
01-11-2019 06:10:23.466 +0800 INFO DatabaseDirectoryManager - idx=perfmon Writing a bucket manifest in hotWarmPath='/opt/splunk/var/lib/splunk/perfmon/db', pendingBucketUpdates=0 . Reason='Adding bucket, bid=perfmon~704~3A3E737F-D1C1-404E-B169-C09CC8A5A330'
01-11-2019 06:10:23.468 +0800 INFO DatabaseDirectoryManager - Finished writing bucket manifest in hotWarmPath=/opt/splunk/var/lib/splunk/perfmon/db
01-11-2019 06:15:00.749 +0800 ERROR SearchParser - The name '| eval AlertName = "Disk % Free Critical" | eval Severity="Critical" | eval Details = "Average free disk space value has been in a critical state for 15 minutes or more." | collect' is invalid. Macro and argument names may only include alphanumerics, '' and '-'.
01-11-2019 06:30:00.618 +0800 ERROR SearchParser - The name '| eval AlertName = "Disk % Free Critical" | eval Severity="Critical" | eval Details = "Average free disk space value has been in a critical state for 15 minutes or more." | collect' is invalid. Macro and argument names may only include alphanumerics, '' and '-'.
01-11-2019 06:45:00.665 +0800 ERROR SearchParser - The name '| eval AlertName = "Disk % Free Critical" | eval Severity="Critical" | eval Details = "Average free disk space value has been in a critical state for 15 minutes or more." | collect' is invalid. Macro and argument names may only include alphanumerics, '' and '-'.
01-11-2019 07:00:00.779 +0800 ERROR SearchParser - The name '| eval AlertName = "Disk % Free Critical" | eval Severity="Critical" | eval Details = "Average free disk space value has been in a critical state for 15 minutes or more." | collect' is invalid. Macro and argument names may only include alphanumerics, '' and '-'.
01-11-2019 07:15:00.351 +0800 ERROR SearchParser - The name '| eval AlertName = "Disk % Free Critical" | eval Severity="Critical" | eval Details = "Average free disk space value has been in a critical state for 15 minutes or more." | collect' is invalid. Macro and argument names may only include alphanumerics, '' and '-'.
01-11-2019 07:30:00.362 +0800 ERROR SearchParser - The name '| eval AlertName = "Disk % Free Critical" | eval Severity="Critical" | eval Details = "Average free disk space value has been in a critical state for 15 minutes or more." | collect' is invalid. Macro and argument names may only include alphanumerics, '' and '-'.
01-11-2019 07:45:00.442 +0800 ERROR SearchParser - The name '| eval AlertName = "Disk % Free Critical" | eval Severity="Critical" | eval Details = "Average free disk space value has been in a critical state for 15 minutes or more." | collect' is invalid. Macro and argument names may only include alphanumerics, '' and '-'.
01-11-2019 08:00:00.515 +0800 ERROR SearchParser - The name '| eval AlertName = "Disk % Free Critical" | eval Severity="Critical" | eval Details = "Average free disk space value has been in a critical state for 15 minutes or more." | collect' is invalid. Macro and argument names may only include alphanumerics, '' and '-'.
01-11-2019 08:15:00.539 +0800 ERROR SearchParser - The name '| eval AlertName = "Disk % Free Critical" | eval Severity="Critical" | eval Details = "Average free disk space value has been in a critical state for 15 minutes or more." | collect' is invalid. Macro and argument names may only include alphanumerics, '' and '-'.
01-11-2019 08:30:00.830 +0800 ERROR SearchParser - The name '| eval AlertName = "Disk % Free Critical" | eval Severity="Critical" | eval Details = "Average free disk space value has been in a critical state for 15 minutes or more." | collect' is invalid. Macro and argument names may only include alphanumerics, '' and '-'.
01-11-2019 08:45:00.589 +0800 ERROR SearchParser - The name '| eval AlertName = "Disk % Free Critical" | eval Severity="Critical" | eval Details = "Average free disk space value has been in a critical state for 15 minutes or more." | collect' is invalid. Macro and argument names may only include alphanumerics, '' and '-'.
01-11-2019 09:00:00.648 +0800 ERROR SearchParser - The name '| eval AlertName = "Disk % Free Critical" | eval Severity="Critical" | eval Details = "Average free disk space value has been in a critical state for 15 minutes or more." | collect' is invalid. Macro and argument names may only include alphanumerics, '' and '-'.
01-11-2019 09:15:00.703 +0800 ERROR SearchParser - The name '| eval AlertName = "Disk % Free Critical" | eval Severity="Critical" | eval Details = "Average free disk space value has been in a critical state for 15 minutes or more." | collect' is invalid. Macro and argument names may only include alphanumerics, '' and '-'.
01-11-2019 09:19:33.496 +0800 WARN HttpListener - Connection from 10.8.1.163 didn't send us any data, disconnecting
01-11-2019 09:30:00.444 +0800 ERROR SearchParser - The name '| eval AlertName = "Disk % Free Critical" | eval Severity="Critical" | eval Details = "Average free disk space value has been in a critical state for 15 minutes or more." | collect' is invalid. Macro and argument names may only include alphanumerics, '' and '-'.
login webpage:
500 Internal Server Error
Return to Splunk home page
View more information about your request (request ID = 5c37efe1bd7fe74c7d0c10) in Search
PS: httpport = 80
Looks like you have managed to disrupt the SSL config on that server.
Have you changed certificates recently?
I tried to change the web SSL certificate, but I had to restore through the backup file (.bak), and I couldn't recover. Please help.
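
Added example, not part of the thread: a small Python triage of the two splunkweb logs quoted in the question. It flags requests whose duration sits just past a multiple of the logged splunkdConnectionTimeout and collects ERROR records with their traceback lines; the function names, the 500 ms slack and the abridged sample lines are assumptions of this example.

```python
import re

# Constructed sample: lines abridged from the logs quoted in the question
# (user-agent strings shortened, traceback frames omitted).
WEB_ACCESS = '''\
127.0.0.1 - - [10/Jan/2019:21:53:59.855 +0800] "GET /zh-TW/ HTTP/1.1" 500 3056 "http://172.16.1.208:8000/" "Mozilla/5.0" - 5c374e77db7fa12c702790 60094ms
127.0.0.1 - - [10/Jan/2019:21:57:47.243 +0800] "HEAD /favicon.ico HTTP/1.1" 303 124 "" "Splunk/7.0.1" - 5c374f5b3e7fe75d3e72d0 8ms
127.0.0.1 - - [10/Jan/2019:21:59:56.520 +0800] "GET /zh-TW/ HTTP/1.1" 303 124 "" "Mozilla/5.0" - 5c374fdc857fe75d3e7710 30107ms
127.0.0.1 - - [11/Jan/2019:09:22:41.738 +0800] "GET /zh-TW/ HTTP/1.1" 500 2949 "" "Mozilla/5.0" - 5c37efe1bd7fe74c7d0c10 60072ms
'''

WEB_SERVICE = '''\
2019-01-10 21:57:46,934 INFO [5c374f3b517fe75f247990] root:580 - splunkdConnectionTimeout=30
2019-01-10 21:57:46,974 INFO [5c374f3b517fe75f247990] root:720 - DJANGO: configuring...
2019-01-10 21:57:47,041 ERROR [5c374f3b517fe75f247990] root:662 - DJANGO: There was an error starting:
2019-01-10 21:57:47,042 ERROR [5c374f3b517fe75f247990] root:663 - The SECRET_KEY setting must not be empty.
Traceback (most recent call last):
ImproperlyConfigured: The SECRET_KEY setting must not be empty.
2019-01-10 21:57:47,044 INFO [5c374f3b517fe75f247990] root:130 - ENGINE: Bus STARTING
'''

# web_access.log: combined-log style line with a request ID and duration appended.
ACCESS_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+) '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)" \S+ (?P<req_id>[0-9a-f]+) (?P<ms>\d+)ms$'
)

# web_service.log: timestamp, level, [request ID], source:line - message.
SERVICE_RE = re.compile(
    r'^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d{3}) (?P<level>[A-Z]+) '
    r'\[(?P<req_id>[0-9a-f]+)\] (?P<src>\S+) - (?P<msg>.*)$'
)


def parse_access(text):
    """Parse web_access.log lines; lines that do not match are skipped."""
    rows = []
    for line in text.splitlines():
        m = ACCESS_RE.match(line.strip())
        if m:
            row = m.groupdict()
            row["status"] = int(row["status"])
            row["ms"] = int(row["ms"])
            rows.append(row)
    return rows


def splunkd_timeout_ms(service_text):
    """Read the timeout splunkweb logged at start-up, in milliseconds."""
    m = re.search(r"splunkdConnectionTimeout=(\d+)", service_text)
    return int(m.group(1)) * 1000 if m else None


def service_errors(service_text):
    """Return ERROR records with their continuation lines (tracebacks) attached."""
    records, current = [], None
    for line in service_text.splitlines():
        m = SERVICE_RE.match(line)
        if m:
            current = None
            if m["level"] == "ERROR":
                current = {"ts": m["ts"], "msg": m["msg"], "extra": []}
                records.append(current)
        elif current is not None and line.strip():
            current["extra"].append(line.strip())
    return records


def stalled_requests(access_text, service_text, slack_ms=500):
    """Flag requests whose duration sits just past a multiple of the timeout.

    Heuristic (an assumption of this example): a request lasting N * timeout
    plus a small overhead most likely spent its time in N timed-out calls.
    """
    timeout = splunkd_timeout_ms(service_text)
    if not timeout:
        return []
    hits = []
    for row in parse_access(access_text):
        n, over = divmod(row["ms"], timeout)
        if n >= 1 and over <= slack_ms:
            hits.append((row["req_id"], row["status"], row["ms"], n))
    return hits


if __name__ == "__main__":
    for req_id, status, ms, n in stalled_requests(WEB_ACCESS, WEB_SERVICE):
        print(f"{req_id} status={status} {ms}ms ~ {n} x timeout")
    for rec in service_errors(WEB_SERVICE):
        print(rec["ts"], rec["msg"], rec["extra"][-1:] or "")
```
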