Hi All, Currently we are facing an issue in accessing the splunk web interface, as soon as we hit the splunk URL http:hostname.com:8000 the portal goes in hung mode, so when checked into the splunkd.log, could see the below WARN message not sure what should be done to fix this issue.
splunkd.log details
07-12-2017 01:20:45.428 -0400 WARN DispatchSearchMetadata - could not read metadata file: /opt/splunk/var/run/splunk/dispatch/SummaryDirector_1499769163.453/metadata.csv
07-12-2017 01:20:45.429 -0400 WARN DispatchSearchMetadata - could not read metadata file: /opt/splunk/var/run/splunk/dispatch/SummaryDirector_1499769163.454/metadata.csv
07-12-2017 01:20:45.429 -0400 WARN DispatchSearchMetadata - could not read metadata file: /opt/splunk/var/run/splunk/dispatch/SummaryDirector_1499770963.455/metadata.csv
07-12-2017 01:20:45.429 -0400 WARN DispatchSearchMetadata - could not read metadata file: /opt/splunk/var/run/splunk/dispatch/SummaryDirector_1499770963.456/metadata.csv
07-12-2017 01:20:45.429 -0400 WARN DispatchSearchMetadata - could not read metadata file: /opt/splunk/var/run/splunk/dispatch/SummaryDirector_1499772763.457/metadata.csv
07-12-2017 01:20:45.429 -0400 WARN DispatchSearchMetadata - could not read metadata file: /opt/splunk/var/run/splunk/dispatch/SummaryDirector_1499772763.458/metadata.csv
07-12-2017 01:20:45.429 -0400 WARN DispatchSearchMetadata - could not read metadata file: /opt/splunk/var/run/splunk/dispatch/SummaryDirector_1499774563.459/metadata.csv
07-12-2017 01:20:45.429 -0400 WARN DispatchSearchMetadata - could not read metadata file: /opt/splunk/var/run/splunk/dispatch/SummaryDirector_1499774563.460/metadata.csv
07-12-2017 01:22:12.885 -0400 WARN HttpListener - Connection from 10.x.x.x didn't send us any data, disconnecting
07-12-2017 01:22:12.885 -0400 WARN HttpListener - Connection from 10.x.x.x didn't send us any data, disconnecting
07-12-2017 01:22:12.885 -0400 WARN HttpListener - Connection from 10.x.x.x didn't send us any data, disconnecting
07-12-2017 01:22:12.885 -0400 WARN HttpListener - Connection from 10.x.x.x didn't send us any data, disconnecting
Below ERROR tell that its unable to communicate with the indexer instances.
07-07-2017 10:02:43.320 -0400 ERROR SyslogOutputConfig - Syslog output server not in expected format. Please use : format
07-08-2017 01:33:00.065 -0400 ERROR TcpOutputFd - Connection to host=10.x.x.x:9997 failed
07-08-2017 01:42:28.078 -0400 ERROR TcpOutputFd - Connection to host=10.x.x.x:9997 failed
07-08-2017 01:45:57.370 -0400 ERROR TcpOutputFd - Connection to host=10.x.x.x:9997 failed
07-08-2017 01:46:57.211 -0400 ERROR TcpOutputFd - Connection to host=10.x.x.x:9997 failed
07-09-2017 14:28:51.100 -0400 ERROR TcpOutputFd - Connection to host=10.x.x.x:9997 failed
07-09-2017 14:32:20.308 -0400 ERROR TcpOutputFd - Connection to host=10.x.x.x failed
07-09-2017 14:32:20.309 -0400 ERROR TcpOutputFd - Connection to host=10.x.x.x:9997 failed
07-09-2017 14:32:50.140 -0400 ERROR TcpOutputFd - Connection to host=10.x.x.x failed
07-09-2017 14:33:49.829 -0400 ERROR TcpOutputFd - Connection to host=10.x.x.x failed
Kindly guide me how to fix the issue .
Hi All the issue got resolved after clearing the catch from the browser, as it was taking the previous session when there was an issue with the splunk instance running in Heavy forwarder instance, same catch was stored in the browser and it was not reading it from splunk instance. After clearing the catch it started working.
thanks all.
Hi All the issue got resolved after clearing the catch from the browser, as it was taking the previous session when there was an issue with the splunk instance running in Heavy forwarder instance, same catch was stored in the browser and it was not reading it from splunk instance. After clearing the catch it started working.
thanks all.
I converted your comment to the answer. Go ahead and accept it as the answer so you can close it out and allow others to reference this in the future