- Splunk Answers
- :
- Splunk Administration
- :
- Monitoring Splunk
- :
- How to troubleshoot why I am unable to start Splun...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
How to troubleshoot why I am unable to start Splunk services (splunkd, splunkweb, splunkforwarder)?
Hello Everyone,
1) I had installed Splunk on Windows 2008 R2 a month ago.
2) Everything was good.
3) Today I have installed Splunk for SiteScope
4) Installed a forwarder on same server.
5) Added a few remote data sources
6) Firewall rules are configured correctly
Now I am unable to start Splunk services:
splunkd
splunkforwarder
splunkweb
All three services looks like in stuck state though they are showing started.
If I am trying to restart a service, it doesn't start instantly. I need to do 2 attempts.
Getting following error:
This page can’t be displayed
•Make sure the web address http://localhost:8000 is correct.
•Look for the page with your search engine.
•Refresh the page in a few minutes.
netstat -a command doesn't show port 8000.
My application stops working.
Thanks
Sonia
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I imagine installing the forwarder on the same server started the problems. By default, the forwarder and splunk enterprise will try to use port 8089 for management. You should look at changing the forwarder to use another port, or disable its rest endpoint via server.conf (disableDefaultPort = true).
On a side note, why are you running a forwarder on the same machine as your main splunk instance? Also what version of Splunk are you running?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Hortonew,
Thanks for your reply.
I am learning Splunk.
I think, I have installed Splunk 6.x for Windows 2008 R2.
I have few questions.
I have installed Splunk on HP sitescope server.
Sitescope doesn't have very good reporting capability.
All required data is already available in SiteScope log files on same server.
I have also installed app Splunk for SiteScope.
So do I need to Install forwarder?
Where I will get Splunk - SiteScope integration guide.
Thanks
Sonia
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
So on Windows 2008 you are running Splunk enterprise correct? The server. That should be the only thing running on that server. On your sitescope server, you should install the splunk universal forwarder to collect logs.
Extending Observability Content to Splunk Cloud
More Control Over Your Monitoring Costs with Archived Metrics!
New in Observability Cloud - Explicit Bucket Histograms
