我安装了 Splunk Enterprise 8 splunk-8.0.0-1357bef0a7f6-linux-2.6-x86_64.rpm,但由于空间不足,我连接了新的 50GB 硬盘并创建了一个分区并将其挂载在上面/opt。然后我将所有数据从旧硬盘/opt移到新/opt硬盘,但是当我尝试重新启动 splunk 服务时,systemctl restart splunk我收到了此错误消息:
/opt/splunk/bin/splunkd: error while loading shared libraries: libmongoc-1.0.so.0: cannot open shared object file: No such file or directory
/opt/splunk/bin/splunkd: error while loading shared libraries: libmongoc-1.0.so.0: cannot open shared object file: No such file or directory
/opt/splunk/bin/splunkd: error while loading shared libraries: libmongoc-1.0.so.0: cannot open shared object file: No such file or directory
Did not find "disabled" setting of "kvstore" stanza in server bundle.
Splunk> CSI: Logfiles.
Checking prerequisites...
/opt/splunk/bin/splunkd: error while loading shared libraries: libmongoc-1.0.so.0: cannot open shared object file: No such file or directory
Checking mgmt port [8089]: /opt/splunk/bin/splunkd: error while loading shared libraries: libmongoc-1.0.so.0: cannot open shared object file: No such file or directory
open
/opt/splunk/bin/splunkd: error while loading shared libraries: libmongoc-1.0.so.0: cannot open shared object file: No such file or directory
Checking kvstore port [8191]: /opt/splunk/bin/splunkd: error while loading shared libraries: libmongoc-1.0.so.0: cannot open shared object file: No such file or directory
open
/opt/splunk/bin/splunkd: error while loading shared libraries: libmongoc-1.0.so.0: cannot open shared object file: No such file or directory
/opt/splunk/bin/splunkd: error while loading shared libraries: libmongoc-1.0.so.0: cannot open shared object file: No such file or directory
SSL certificate generation failed.
[root@logging (bin)]$ 10:23:28 > systemctl status -l splunk
● splunk.service - SYSV: Splunk indexer service
Loaded: loaded (/etc/rc.d/init.d/splunk; bad; vendor preset: disabled)
Active: failed (Result: exit-code) since Wed 2019-11-20 10:23:28 +03; 4s ago
Docs: man:systemd-sysv-generator(8)
Process: 14675 ExecStop=/etc/rc.d/init.d/splunk stop (code=exited, status=0/SUCCESS)
Process: 14954 ExecStart=/etc/rc.d/init.d/splunk start (code=exited, status=127)
Nov 20 10:23:28 logging splunk[14954]: open
Nov 20 10:23:28 logging splunk[14954]: Checking kvstore port [8191]: /opt/splunk/bin/splunkd: error while loading shared libraries: libmongoc-1.0.so.0: cannot open shared object file: No such file or directory
Nov 20 10:23:28 logging splunk[14954]: /opt/splunk/bin/splunkd: error while loading shared libraries: libmongoc-1.0.so.0: cannot open shared object file: No such file or directory
Nov 20 10:23:28 logging splunk[14954]: open
Nov 20 10:23:28 logging splunk[14954]: /opt/splunk/bin/splunkd: error while loading shared libraries: libmongoc-1.0.so.0: cannot open shared object file: No such file or directory
Nov 20 10:23:28 logging splunk[14954]: SSL certificate generation failed.
Nov 20 10:23:28 logging systemd[1]: splunk.service: control process exited, code=exited status=127
Nov 20 10:23:28 logging systemd[1]: Failed to start SYSV: Splunk indexer service.
Nov 20 10:23:28 logging systemd[1]: Unit splunk.service entered failed state.
Nov 20 10:23:28 logging systemd[1]: splunk.service failed.
然后我安装包“yum install /libmongoc-1.0.so.0”并重新启动 splunk 服务,但这次我收到了此消息
[root@logging (bin)]$ 11:45:23 > ./splunk restart
splunkd 16147 was not running.
Stopping splunk helpers...
[ OK ]
Done.
Stopped helpers.
Removing stale pid file... done.
splunkd is not running. [FAILED]
Splunk> CSI: Logfiles.
Checking prerequisites...
Checking mgmt port [8089]: open
Checking conf files for problems...
Done
Checking default conf files for edits...
Validating installed files against hashes from '/opt/splunk/splunk-8.0.0-1357bef0a7f6-linux-2.6-x86_64-manifest'
Error initializing openssl -- cannot compute checksums.
Error encountered while attempting to validate files
Problems were found, please review your files and move customizations to local
All preliminary checks passed.
Starting splunk server daemon (splunkd)...
Done
[ OK ]
Splunk 服务已启动,但我无法从浏览器访问。当我在 Splunk Web GUI 中输入用户名和密码时,我收到以下消息:
您的网络连接可能已丢失或 Splunk 可能已关闭。您的会话已过期。登录以返回系统。
答案1
尝试备份 etc 和 var,然后在新驱动器上重新安装 splunk,然后将文件夹放在那里。也许这可以解决问题