Splunk Enterprise
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Solved! Jump to solution

systemctl stop Splunkd hangs

harryvdtol
Path Finder
‎06-26-2024 11:49 PM

Hello,

Since a few months we are facing an issue with stopping Splunk on Red Hat Linux-rel8.

We do "systemctl stop Splunkd" to stop the Splunk proces.
In most cases Splunks stops and the systemctl prompts comes back.

But sometimes (let say 1 out of 10) Splunk stops, but the systemctl prompt does not comes back.

Then, after 6 minues (the timeout in the Splunkd.service) systemctl comes back
In /var/log/messages i see this after 6 minutes.

Splunkd.service: Failed with result 'timeout'.
Stopped Systemd service file for Splunk, generated by 'splunk enable boot-start'.

In the splunkd.log i can see that Splunk has stopped. No Splunk proces is running.
With "ps -ef | grep splunk" i can see that there a no Splunk processes running.
"ps -ef | grep systemctl" i can see that systemctl is still running.

It happens on Search cluster, index cluster, Heavy Forwarders etc.

Splunk support says is it an Red Hat Linux issue and Red Hat points to Splunk.

I wonder if we are the only one who is having this issue.

Any remarks are appreciated.

Regards,

Harry

Labels (2)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

AndrewBurnett
Explorer
‎08-08-2024 06:26 AM

I believe I have a fix, and curious if it resolves your issue as well. I'm in close contact with Splunk Support about this, so I'm sure documentation will be coming out shortly.

 

Follow this documentation to enable cgroupsv2, reboot, and then disable/re-enable boot-start.

https://access.redhat.com/webassets/avalon/j/includes/session/scribe/?redirectTo=https%3A%2F%2Facces...

View solution in original post

Reply
Solved! Jump to solution

harryvdtol
Path Finder
‎05-28-2025 09:54 AM

Hello,

Hereby a new update on this case
Some weeks ago we have upgraded Splunk to 941.
After the upgrade we receive erros when executing Splunk commands like splunk show .. or btool

Failed to calculate cpu count from cgroup location="V2:/sys/fs/cgroup:/user.slice/user-570057916.slice/session-9.scope:/sys/fs/cgroup:/user.slice/user-570057916.slice/session-9.scope:"

Because the Splunk version 941 added support for cgroups V2, we removed the workaround.
Since then the original issue is back: adhoc hanging of systemctl

If anyone has the issue, i really would like to know.

Regards,

Harry

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Quantify Your Splunk Investment Impact: Introducing Savings Metrics to Value Insights

Building on the foundation established in our initial Value Insights releases, we are introducing the Savings ...

Event Series: Telemetry Pipeline Management

Balancing Scale and Spend: Gaining Control Over High-Volume Metrics in Splunk Observability Cloud As ...

Kick the Tires Before You Commit: A Hands-On Tour of the Splunk Observability Cloud ...

Evaluating an enterprise observability platform usually goes like this: fill out a form, get a free trial with ...