Splunk Enterprise

Splunk Enterprise splunkd service randomly restarts causing session timeout

Koman
Engager

Good day,

I am having an issue where all users are randomly and incorrectly logged out (session timeout) while actively using the dashboard.

I noticed that every time this occurs the splunk service has restarted. Every "ps -ef |grep splunk" gives a new timestamp after a session timeout so Splunk is restarting for some reason.

I am also seeing these logs in splunkd.log (see attached image)

And then there is this but the permissions look correct.

ERROR ExecProcessor - message from "/usr/bin/timeout -s9 10m /opt/ping-scripts/ping_checks.sh -index ping-check" /usr/bin/timeout: failed to run command ‘/opt/ping-scripts/ping_checks.sh’: Permission denied

I have also set the following:

web.conf

tools.sessions.timeout = 100000
ui_inactivity_timeout = 100000

server.conf

sessionTimeout = 4h

I also ran “sudo /opt/splunk/bin/splunk btool check --debug” to check for conf file syntax errors and corrected them all. Splunk does not give any errors when starting up.

Thank you kindly!


gcusello
SplunkTrust

Hi @Koman,

the only hint in this situation is to open a new case with Splunk Support.

If your server is a production server, they intervene very quickly.

Ciao.

Giuseppe
