Splunk Enterprise
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Why am I unable to start the splunk service?

skuma30
New Member
‎01-04-2017 01:42 PM

I tried to stop my splunk service, but it didn't work, so I killed the PID's so I can start splunk, but when I tried to start it later, it wouldn't start. When I entered splunk start, it is going a while with no output at all. It just hangs and there is nothing happening. Is there any solution for this that should be helpful for me?

0 Karma
Reply

mattymo
Splunk Employee
Splunk Employee
‎01-04-2017 04:06 PM

Why were u stopping splunk??

Any chance you were trying to enable ssl or install new certs??

- MattyMo
0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎01-04-2017 02:33 PM

Hi skuma30,
Which Splunk Version are you using and what Operative System?
I found the same problem on AIX 7.1 and I opened a case to Splunk Support.
There was a bug on all the versions available in december: 6.4.5, 6.5.1 and 6.3.8, that will be solved in the new minor releases of every Version.
I suggest to open a case to Splunk.
Bye.
Giuseppe

0 Karma
Reply

supabuck
Path Finder
‎01-04-2017 01:52 PM

Hello,

Try looking in splunkd.log. It contains information on what is occurring at the time which you are trying to start the service and while the service is running it will log events informing you of how it is running.

Lets say you have it installed in linux, the path would be $SPLUNK_HOME/var/log/splunk/splunkd.log

In the case of my personal instance I would use the following command to see what splunk is doing while it is starting up:

tail -f /opt/splunk/var/log/splunk/splunkd.log

Let us know what you find within this file.

Regards,
supabuck

0 Karma
Reply

skuma30
New Member
‎01-04-2017 01:58 PM

Here are the last logs of splunkd.

01-04-2017 19:34:57.551 +0000 ERROR TcpInputFd - SSL Error for fd from HOST:x, IP:x, PORT:51285
01-04-2017 19:35:57.605 +0000 ERROR TcpInputFd - SSL Error = error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
01-04-2017 19:35:57.605 +0000 ERROR TcpInputFd - ACCEPT_RESULT=-1 VERIFY_RESULT=0
01-04-2017 19:35:57.605 +0000 ERROR TcpInputFd - SSL Error for fd from HOST:x, IP:x, PORT:51709
0 Karma
Reply
Get Updates on the Splunk Community!

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

 Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...

Splunk Observability for AI

Don’t miss out on an exciting Tech Talk on Splunk Observability for AI!Discover how Splunk’s agentic AI ...

🔐 Trust at Every Hop: How mTLS in Splunk Enterprise 10.0 Makes Security Simpler

From Idea to Implementation: Why Splunk Built mTLS into Splunk Enterprise 10.0  mTLS wasn’t just a checkbox ...