Solved: Re: Splunk service won’t start on indexer

Itzmeaj · ‎06-16-2021

Hello, I was wondering if anyone else has had this issue before, I just recovered an indexer from a damaged file system. When I attempt to start splunk I get an error about the xml.sax module not found, it appears as this:

splunk start

Traceback (most recent call last):
  File "/opt/splunk/lib/python3.7/site-packages/splunk/clilib/common.py", line 16, in <module>
    from xml.sax import saxutils 
ModuleNotFoundError: No module named 'xml.sax'

This is the error from my memory, I will double check it is exactly correct tomorrow.

isoutamo · ‎06-16-2021

Hi

as you said that FS was corrupted/damaged it's quite possible that there are some missing/corrupted files on this FS. If you can trust that filesystem then just install the same splunk version over current one or restore it from backups. If you cannot trust it then copy/backup the current one and create new for it, restore + install over the new FS.

r. Ismo

View solution in original post

isoutamo · ‎06-16-2021

Hi

as you said that FS was corrupted/damaged it's quite possible that there are some missing/corrupted files on this FS. If you can trust that filesystem then just install the same splunk version over current one or restore it from backups. If you cannot trust it then copy/backup the current one and create new for it, restore + install over the new FS.

r. Ismo

Itzmeaj · ‎06-17-2021

Thank you, I should’ve tried the simplest solution first!

Splunk service won’t start on indexer

administration

troubleshooting

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

They're back! Join the SplunkTrust and MVP at .conf24

Enterprise Security Content Update (ESCU) | New Releases