Documentation > Splunk > FAQ > Troubleshooting

FAQ

 


General Information
Company Background
How Splunk Works
Purchasing Splunk
Splunk Base and the Splunk Community
Customers and Partners
Getting Started
Accessing Data
How Splunk Handles Data
Administration
Integrating and Extending Splunk
Troubleshooting
  • Troubleshooting
Getting Help

Troubleshooting

This documentation does not apply to the most recent version of Splunk. Click here for the latest version.

Contents

Troubleshooting

I've just applied the Enterprise License and Splunk now wants me to log in. What are my login credentials?

The default username is admin and password is changeme.


I type in a term I know is in my data. Why don't I get any results?

Splunk indexes data by breaking it into segments. It searches for exact matches. If you type in "foo," Splunk expects to find a segment that is an exact match to "foo." It won't match "sfoo" or "food." For these types of searches, you can use the * as a wildcard (e.g."*foo" or "foo*").


If that doesn't work, start with a more broad search, such as "meta::all." To see how Splunk has broken your events into segments, mouse over a result - each separate string that highlights is a separate segment.


I go to the URL for my Splunk server and there's nothing there. What do I do?

First, make sure you have the right server URL. Try to telnet or ssh to the host. If you can login, check to see if both Splunk processes are running. At the shell prompt, type $SPLUNK_HOME/bin/splunk status. Or just use the ps command. You should see two processes - splunkd and splunkWeb (twisted.py).


Restart the Splunk server by typing "splunk restart." It should report [ OK ] for both splunkd and splunkWeb.


Splunk starts but Splunkd won't start. What do I do?

Make sure you have the correct path when you are starting Splunk. The best way to verify this is to navigate into $SPLUNK_HOME/bin and type ./splunk restart. ($SPLUNK_HOME is the path you installed in). If Splunk still won't start, contact support.


The webserver is saying splunkd is down but it isn't. What is the matter?

The webserver needs to connect to the splunk daemon via the management port; by default this port is 8089. The most common reason for this error is the webserver is unable to connect to this port. Some good things to check


I'm running low on disk space. What do I do?

See our Admin Manual section on Index Management.


I've made some config changes, but I'm not sure if they're working.

See the Admin Manual section on Testing Configuration Changes.


My 2.x license doesn't work with 3.0

Version 3 introduces a new license key format. If you are an existing 2.x customer your license will not work with 3.0. Plus Support customers are entitled to upgrade their 2.x license to 3.0. Please contact Splunk Support for your 3.0 license.


If you are using the free license you can perform the following steps:


I can't export results in Internet Explorer 6

There is a bug in Internet Explorer with regard to file downloads over SSL. The problem and resolution are documented here


How do I disable the "Checking for Updates" message?

Add this to your [settings] stanza in web.conf (create a new file in $SPLUNK_HOME/etc/system/local if necessary):


updateCheckerBaseURL = 0

Retrieved from "http://docs.splunk.com/Documentation/Splunk/3.4.3/Faq/Troubleshooting"

This documentation applies to the following versions of Splunk: 3.2 , 3.2.1 , 3.2.2 , 3.2.3 , 3.2.4 , 3.2.5 , 3.2.6 , 3.3 , 3.3.1 , 3.3.2 , 3.3.3 , 3.3.4 , 3.4 , 3.4.1 , 3.4.2 , 3.4.3 , 3.4.5 , 3.4.6 , 3.4.8 , 3.4.9 , 3.4.10 , 3.4.11 , 3.4.12 , 3.4.13 , 3.4.14 View the Article History for its revisions.


You must be logged into splunk.com in order to post comments. Log in now.

Was this documentation topic helpful?

If you'd like to hear back from us, please provide your email address:

We'd love to hear what you think about this topic or the documentation as a whole. Feedback you enter here will be delivered to the documentation team.

Feedback submitted, thanks!