- Splunk Answers
- :
- Splunk Administration
- :
- Monitoring Splunk
- :
- Error stopping service Splunkd (1053)
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello,
I receive a strange error when I try to stop splunkd under windows by :
- splunk.exe stop or restart
services.msc > splunkd > stop
Error stopping service Splunkd (1053): The service did not respond to the stop request in a timely fashion.
The Splunkd service was forcibly stopped by the Service Control Manager.
Splunkd: Stopped
Nothing seems to be useful in var/log/splunkd.log
Anyone have an idea?
Thanks.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I duno why but this message has didapear after add a new listening port on 9998, disabled the listening on 9997, restart plunkd (no error) and enabled listening on 9997.
After that, I don't see this error when I restart splunkd.
I mark this topic solved because it's ok for me after that but no root cause and no real fix to apply.
Thanks for your comments.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The issue is that the splunk forwarder takes more than 30 seconds to go through a restart. Windows has a 30 second default timeout and if it takes longer than 30 seconds will throw a timeout error.
This can be fixed by adding a setting in the registry and restarting windows.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I duno why but this message has didapear after add a new listening port on 9998, disabled the listening on 9997, restart plunkd (no error) and enabled listening on 9997.
After that, I don't see this error when I restart splunkd.
I mark this topic solved because it's ok for me after that but no root cause and no real fix to apply.
Thanks for your comments.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Where did you update 9997 to 9998?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
In which config file did you update this?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
When I see this error it generally occurs when there is a heavy index load, and my understanding is that splunkd will not stop when it is busy indexing it's buffer - splunkd will stop new data from entering the buffer, and index what is in the buffer before it shuts down. Windows does not really care if splunkd is not ready to shutdown - Windows gives the service a certain amount of time to shutdown, and if it does not shutdown in that amount of time then Windows shuts it down.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Ok, but it's apear on an heavy forwarder, without indexing, juste forwarding.
After 3 or 4 successive restarts and no listening ports, buffers should be empty but this messages still here.
It seems to not be the cause.
How to check if all buffers are empty or other processing tasks running ?
How to stop properly splunk ?
Splunk Custom Visualizations App End of Life
Introducing Splunk Enterprise 9.2
Adoption of RUM and APM at Splunk
