All Apps and Add-ons

How do we connect to a splunk server sitting behind an elastic load balancer in aws ?

Explorer

Hi All

I am trying to connect to a local instance of Splunk using the following code in java splunk sdk
loginArgs.setUsername( "qa" );
loginArgs.setPassword( "myTest" );
loginArgs.setHost( "myhost" );
loginArgs.setPort( 8089 );

    Service service = new Service( loginArgs );
    service.login();

This works fine
But the moment i try to connect to an aws instance sitting behind an elb we get connection time outs

Any particular conf settings that we need to ensure ?
Any help is appreciated

0 Karma
1 Solution

Explorer

Finally i found out a way to connect

Steps 1) Open ports 8089 from your organisation
2) Open ports 8089 at both elb and instance level
3) Configure splunk as allowRemoteLogin = always in server.conf
4) Add enableSplunkdSSL = false in server.conf

View solution in original post

Explorer

Finally i found out a way to connect

Steps 1) Open ports 8089 from your organisation
2) Open ports 8089 at both elb and instance level
3) Configure splunk as allowRemoteLogin = always in server.conf
4) Add enableSplunkdSSL = false in server.conf

View solution in original post

Explorer

Hi All

I had checked my open ports and it seemed that 8089 was not open
However i was running into other issues

for eg.
if i use loginArgs.setScheme( "http" ); for the same 8089 port i get the following
Exception in thread "main" java.lang.RuntimeException: Unexpected end of file from server
at com.splunk.HttpService.send(HttpService.java:365)
at com.splunk.Service.send(Service.java:1268)
at com.splunk.HttpService.post(HttpService.java:243)
at com.splunk.Service.login(Service.java:1099)
at com.splunk.Service.login(Service.java:1079)
at splunk.SplunkMain.main(SplunkMain.java:47)
Caused by: java.net.SocketException: Unexpected end of file from server
at sun.net.www.http.HttpClient.parseHTTPHeader(HttpClient.java:772)
at sun.net.www.http.HttpClient.parseHTTP(HttpClient.java:633)
at sun.net.www.http.HttpClient.parseHTTPHeader(HttpClient.java:769)
at sun.net.www.http.HttpClient.parseHTTP(HttpClient.java:633)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1323)
at java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:468)
at com.splunk.HttpService.send(HttpService.java:362)

0 Karma

Explorer

Also if i use loginArgs.setScheme("https")

i get this
Exception in thread "main" java.lang.RuntimeException: Received fatal alert: handshakefailure
at com.splunk.HttpService.send(HttpService.java:345)
at com.splunk.Service.send(Service.java:1268)
at com.splunk.HttpService.post(HttpService.java:243)
at com.splunk.Service.login(Service.java:1099)
at com.splunk.Service.login(Service.java:1079)
at splunk.SplunkMain.main(SplunkMain.java:47)
Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake
failure
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.Alerts.getSSLException(Alerts.java:154)
at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1959)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1077)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1312)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1339)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1323)
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:563)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.jav...
at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1091)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:250)
at com.splunk.HttpService.send(HttpService.java:338)
... 5 more

0 Karma

Communicator

Can you reach the ip from the box where your code run ? (for example ping it)
While you do the test, what are the results of netstats -an | grep 8089 ?
if you see a SYN_SENT, you've got a firewall blocking between you and the LB.
If you see ESTABLISHED, that could be between the LB and your splunk instance that there's a problem

At a last resort try telnet host 8089 from a shell

Hope that helps

0 Karma

Explorer

Hi Matthieu

I tried to do telnet through my machine

i got this
telnet: Unable to connect to remote host: Connection timed out

is there any specific configuration i need to do on aws side as i have a public ip and also i have a 8089 port forwarding.

0 Karma

Champion

First try disabling the firewall. if not then ask your network team to look into it

telnet IP_Add 8089

it has to be successful to make it work further

0 Karma

SplunkTrust
SplunkTrust

Make sure that your ELB is public, with a public IP. If it is internal only, it won't work. I don't know your AWS settings, but you need to make sure it is reachable from your location. Verify that the ELB is set to forward 8089->8089 as well.

0 Karma