All Apps and Add-ons

How to host Splunk on Azure

Craigrow
Explorer

I want to run Splunk on an Azure VM and use it from the browser on my desktop PC. In the Azure VM I can get to the login page at mysplunkserver:8000. However, from my desktop I cannot get to mysplunkserver:8000.cloudapp.net. I changed the Splunk web port to 80. Now I can login at mysplunkserver from the VM but I still cannot login from my desktop at mysplunkserver.cloudapp.net.

Any ideas what I need to do?

0 Karma

johnthsu
Engager

Thanks Glenn:
Great!!! Works with me.

0 Karma

charris_splunk
Splunk Employee
Splunk Employee

Please see this answer:
http://answers.splunk.com/answers/124069/hosting-splunk-on-windows-azure

Also, I noticed that you have the port in the wrong location of you URL. Once the endpoints are configured, the public URL should resemble this: https://my-splunk-instance.cloudapp.net:8000

gblock_splunk
Splunk Employee
Splunk Employee

Hi Craig

You can easily do this as I've done it both for Windows and Linux, you just need to open the ports.

By default ports 8000 and 8089 are not open, you must open them up in order to allow external access. You will need to do one or both of the following:

  1. You must open up endoints on the VM for ports 8000 and 8089. You can do this in the Azure portal by modifying your VM's configuration and adding the two endpoints. You can also use the Azure Powershell cmdlets or the Azure xPlat command line tools. If you want to you can change the mapping of the endpoints so that the external ports and internal ports are different. Whatever you set the internal port to, you need to make sure you've configured the Splunk instance itself to use.
  2. If your VM is using a Windows image, you also need to add inbound rules to the Windows Firewall for both ports. You can do this by simply logging on the machine using Remote Desktop.

Let us know if this doesn't work for you!

Regards
Glenn

0 Karma

linu1988
Champion

Hello Craig,
Are you able to ping the site from your desktop? Try to get use PING and Telnet splunk_server 80.

Both will allow you to get the status whether it is reachable or not. If not try to turn off the firewall and connect. Mostly it happens due to firewall or connectivity route.

Thanks

0 Karma
Get Updates on the Splunk Community!

Investigate Security and Threat Detection with VirusTotal and Splunk Integration

As security threats and their complexities surge, security analysts deal with increased challenges and ...

Observability Highlights | January 2023 Newsletter

 January 2023New Product Releases Splunk Network Explorer for Infrastructure MonitoringSplunk unveils Network ...

Security Highlights | January 2023 Newsletter

January 2023 Splunk Security Essentials (SSE) 3.7.0 ReleaseThe free Splunk Security Essentials (SSE) 3.7.0 app ...