I tried to stop my splunk service, but it didn't work, so I killed the PID's so I can start splunk, but when I tried to start it later, it wouldn't start. When I entered splunk start, it is going a while with no output at all. It just hangs and there is nothing happening. Is there any solution for this that should be helpful for me?
Why were u stopping splunk??
Any chance you were trying to enable ssl or install new certs??
Hi skuma30,
Which Splunk Version are you using and what Operative System?
I found the same problem on AIX 7.1 and I opened a case to Splunk Support.
There was a bug on all the versions available in december: 6.4.5, 6.5.1 and 6.3.8, that will be solved in the new minor releases of every Version.
I suggest to open a case to Splunk.
Bye.
Giuseppe
Hello,
Try looking in splunkd.log. It contains information on what is occurring at the time which you are trying to start the service and while the service is running it will log events informing you of how it is running.
Lets say you have it installed in linux, the path would be $SPLUNK_HOME/var/log/splunk/splunkd.log
In the case of my personal instance I would use the following command to see what splunk is doing while it is starting up:
tail -f /opt/splunk/var/log/splunk/splunkd.log
Let us know what you find within this file.
Regards,
supabuck
Here are the last logs of splunkd.
01-04-2017 19:34:57.551 +0000 ERROR TcpInputFd - SSL Error for fd from HOST:x, IP:x, PORT:51285
01-04-2017 19:35:57.605 +0000 ERROR TcpInputFd - SSL Error = error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-04-2017 19:35:57.605 +0000 ERROR TcpInputFd - ACCEPT_RESULT=-1 VERIFY_RESULT=0
01-04-2017 19:35:57.605 +0000 ERROR TcpInputFd - SSL Error for fd from HOST:x, IP:x, PORT:51709