Re: After upgrading to 4.2 Failed to start splunkw...

elusive · ‎03-17-2011

Upgrade from 4.1.x to 4.2, when I try to start Splunk Splunkd starts but splunkweb fails with the following message:

D:\Program Files\splunk\bin>splunk start

Splunk> All batbelt. No tights.

Checking prerequisites...
        Checking http port [8000]: open
        Checking mgmt port [8089]: open
        Checking configuration...  Done.
        Checking index directory...
        Validated databases: _audit _blocksignature _internal _thefishbucket his
tory main summary summary_forwarders summary_hosts summary_indexers summary_pool
s summary_sources summary_sourcetypes
        Done
Success
   Checking conf files for typos...
All preliminary checks passed.

Starting splunk server daemon (splunkd)...

Splunkd: Starting (pid 3748)
Done.
Starting splunkweb...
Splunkweb: Stopped
Failed to start splunkweb service.

D:\Program Files\splunk\bin>

gkanapathy · ‎03-18-2011

You should note that this is on Windows.

elusive · ‎03-17-2011

Splunk Web services needs to be rebuilt. In order to rebuild your services, run the following:

Make sure Splunkd and Splunk Web are both stopped:
D:\Program Files\splunk\bin>splunk stop Splunkweb: Stopped Splunkd: Stopped
Remove the Splunkd and SplunkWeb services:
D:\Program Files\splunk\bin>splunk disable boot-start Removing service Splunkd Service removed Disabled. Removing service Splunkweb Service removed Disabled.
Now rebuild splunkd and Splunkweb services:
D:\Program Files\splunk\bin>splunk enable boot-start Installing service Splunkd Service installed Registering the Python Service Manager... Installing service Splunkweb Service installed Windows services installed. Windows services are configured to run at boot.

NOTE:

This will create Splunkd and Splunkweb services with the following properties:

Startup type = Automatic
Log On As = Local System

Depending on your configuration you will need to make changes to it.
You can make changes in the services console or via the "sc command line program" .

The following instruction is run in the services console:

Open windows services console (Start >Control Panel > Administrative Tools > Services)
Double click on splunkd services
Change the Startup type in General Tab. Change the Log On As account in Log On tab.

The following is to make changes using sc command
Note: you must have a space following the "=" for the value to be specified properly in the sc config command

1. To make changes for Splunkd startup enter:

D:\Program Files\splunk\bin>sc config Splunkd start= demand [SC] ChangeServiceConfig SUCCESS

D:\Program Files\splunk\bin>

2. To make changes for SplunkWeb startup enter:

D:\Program Files\splunk\bin>sc config Splunkweb start= demand [SC] ChangeServiceConfig SUCCESS

To make changes for Splunkd Log On As:

D:\Program Files\splunk\bin>sc config Splunkd obj= {domain}{adminAccount} password= {password} [SC] ChangeServiceConfig SUCCESS

D:\Program Files\splunk\bin>

NOTE: please replace {domain}, {adminAccount} and {password} with your Splunk domain administrator account.

3. To make changes for Splunkweb Log On As enter:

D:\Program Files\splunk\bin>sc config Splunkweb obj= {domain}{adminAccount} password= {password} [SC] ChangeServiceConfig SUCCESS

D:\Program Files\splunk\bin>

NOTE: please replace {domain}, {adminAccount} and {password} with your Splunk domain administrator account.

Additional reference link: http://www.splunk.com/base/Documentation/4.2/Admin/ConfigureSplunktostartatboottime

After upgrading to 4.2 Failed to start splunkweb service

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

They're back! Join the SplunkTrust and MVP at .conf24

Enterprise Security Content Update (ESCU) | New Releases