- Splunk Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- Splunkd won't restart after power failure
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Splunkd won't restart after power failure
I'm running Splunk 4.1.3 on Windows 2008 R2 x64 and had a poweroutage. The splunkd service will not restart.
Crash LOG:
[build 80534] C++ exception: object@[0x0000000002CCDF20], type@[0x00000001410CA850] Exception is Non-continuable Exception address: [0x000007FEFD9BAA7D]
Crashing thread: indexerPipe
MxCsr: [0x0000000000001F80]
SegDs: [0x000000000000002B]
SegEs: [0x000000000000002B]
SegFs: [0x0000000000000053]
SegGs: [0x000000000000002B]
SegSs: [0x000000000000002B]
SegCs: [0x0000000000000033]
EFlags: [0x0000000000000202]
Rsp: [0x0000000002CCDDC0]
Rip: [0x000007FEFD9BAA7D] RaiseException + 61/80
Dr0: [0x00000000003221D0]
Dr1: [0x00000000778A7288]
Dr2: [0x0000000000000000]
Dr3: [0x00000000778A7288]
Dr6: [0x0000000000000000]
Dr7: [0x0000000000000030]
Rax: [0x00000000751B6F19]
Rcx: [0x0000000002CCD7B0]
Rdx: [0x00000000000000D0]
Rbx: [0x00000001410CA850]
Rbp: [0x000000000234FA78]
Rsi: [0x0000000002CCE080]
Rdi: [0xFFFFFFFFFFFFFFFF]
R8: [0x0000000000000000]
R9: [0x0000000000000000]
R10: [0x0000000140000000]
R11: [0x0000000002CCDE00]
R12: [0x000000000234FF80]
R13: [0x0000000000000000]
R14: [0x000000000232AE30]
R15: [0x000000000234FE70]
DebugControl: [0x0000000000000000]
LastBranchToRip: [0x0000000000000030]
LastBranchFromRip: [0x0000000000770000]
LastExceptionToRip: [0x000000000000001F]
LastExceptionFromRip: [0x0000000000000020]
OS: Windows Arch: x86-64Backtrace:
Frame 0 @[0x000000000234FA78]: (Frame below stack)Crash dump written to: C:\Program Files\Splunk\var\log\splunk\C__Program Files_Splunk_bin_splunkd_exe_crash-2010-07-14-14-12-57.dmp
HOST1 /6.1 Threads running: 9
terminating...
I've tried running this command:
C:\Program Files\Splunk\bin>splunk.exe cmd recover-metadata 1 Using logging configuration at C:\Program Files\Splunk\etc\log-cmdline.cfg.
attempting to recover: Sources.data
WARN MetaData - 1\Sources.data: initiating recover attempt error: could not recover Sources.data because '1\Sources.data is not a recoverab
le metadata'
That Warning means nothing to me.
I've also tried these two optiosn with no sucess:
http://answers.splunk.com/questions/715/corrupt-metadata
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
To verify that the correct procedures have been followed, you should contact Splunk Support for further assistance.
Detecting Remote Code Executions With the Splunk Threat Research Team
Enter the Splunk Community Dashboard Challenge for Your Chance to Win!
.conf24 | Session Scheduler is Live!!
