Splunk SOAR (f.k.a. Phantom)

Phantom 4.1 startup error

karthikes
New Member

Dear Team,

I am Karthik from Prudential Singapore. Our Phantom UAT server suddenly went down.

When we attempt to restart the server it says pgbouncer failed; a server reboot didn't help.

I have pasted the error messages below. Could you please check and let me know how to resolve this error?

 

[frioux03@asgprholupht001 ~]$ dzdo /apps/phantom/bin/stop_daemon.sh all
phantom_decided is already stopped
phantom_workflowd is already stopped
phantom_ingestd is already stopped
phantom_actiond is already stopped
phantom_clusterd is already stopped
[frioux03@asgprholupht001 ~]$ dzdo /apps/phantom/bin/stop_phantom.sh
Shutting down all Phantom services
Phantom shutdown successful
[frioux03@asgprholupht001 ~]$ dzdo /apps/phantom/bin/start_phantom.sh
Starting all Phantom services
Phantom startup failed: pgbouncer
[frioux03@asgprholupht001 ~]$
 
[342122@asgprholupht001 ~]$ systemctl status pgbouncer.service
● pgbouncer.service - A lightweight connection pooler for PostgreSQL
Loaded: loaded (/etc/systemd/system/pgbouncer.service; enabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Wed 2020-07-08 10:55:52 UTC; 16min ago
Process: 4870 ExecStop=/opt/phantom/bin/stop_pgbouncer.sh $MAINPID (code=exited, status=203/EXEC)
Process: 4343 ExecReload=/usr/bin/kill -HUP $MAINPID (code=exited, status=0/SUCCESS)
Process: 4704 ExecStart=/usr/bin/pgbouncer -d -q ${BOUNCERCONF} (code=exited, status=0/SUCCESS)
Main PID: 4706 (code=exited, status=0/SUCCESS)
 
thanks
karthik
0 Karma

sam_splunk
Splunk Employee

Any update on your situation?

0 Karma

phanTom
SplunkTrust

@karthikes not sure if you ever worked out what was wrong, but I take it you checked that space for the database is not restricted/full?

The pgbouncer account is used to access the database, so if this is a single system (non-clustered) there must be an issue communicating or starting the database up.

If this helped, please tick below! Thanks.

0 Karma
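A triage sketch for the `systemctl status` output posted in the question and the disk-space check suggested in the reply; it is an added example, not code from the thread or from Splunk. The function names are hypothetical and `/` stands in for the database directory, which the thread does not give; the meaning of `203/EXEC` is taken from systemd.exec(5).

```shell
#!/bin/sh
# Constructed sample: the three Process lines from the status output in the question.
SAMPLE_STATUS='Process: 4870 ExecStop=/opt/phantom/bin/stop_pgbouncer.sh $MAINPID (code=exited, status=203/EXEC)
Process: 4343 ExecReload=/usr/bin/kill -HUP $MAINPID (code=exited, status=0/SUCCESS)
Process: 4704 ExecStart=/usr/bin/pgbouncer -d -q ${BOUNCERCONF} (code=exited, status=0/SUCCESS)'

# failed_directives: read `systemctl status` text on stdin and print
# "<directive> <command path> <status>" for each Process line that did not end 0/SUCCESS.
failed_directives() {
    awk '
    $1 == "Process:" {
        split($3, kv, "=")              # kv[1] = directive, kv[2] = command path
        status = $NF                    # last field, e.g. "status=203/EXEC)"
        sub(/^status=/, "", status)
        sub(/\)$/, "", status)
        if (status != "0/SUCCESS") print kv[1], kv[2], status
    }'
}

# explain_status: map a systemd exit status to the next thing to check.
explain_status() {
    case "$1" in
        203/EXEC) echo "systemd could not execute the command; check that the path exists and is executable" ;;
        *)        echo "see PROCESS EXIT CODES in systemd.exec(5)" ;;
    esac
}

# fs_use_pct: usage percentage (integer) of the filesystem holding directory $1.
fs_use_pct() {
    df -P "$1" | awk 'NR == 2 { sub(/%/, "", $5); print $5 }'
}

# triage: status text on stdin; $1 = database directory to check for free space.
triage() {
    failed_directives | while read -r directive path status; do
        echo "$directive $path -> $status: $(explain_status "$status")"
        [ -x "$path" ] || echo "  $path is missing or not executable on this host"
    done
    pct=$(fs_use_pct "$1")
    echo "filesystem holding $1 is ${pct}% used"
}

# Demo on the constructed sample; "/" is a placeholder for the database directory.
printf '%s\n' "$SAMPLE_STATUS" | triage /
```

On a live host, pipe `systemctl status pgbouncer.service` into `triage` and pass the directory that holds the PostgreSQL data.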