All Apps and Add-ons

I can not connect to splunk using AWS- Any ideas?

ohhhvictor
Path Finder

I am new to Splunk and I was trying to connect since last weekend..it keep me booting me out..Unable to connect
I was using Putty SSH
This is what I see

Any suggestions?

alt text

Tags (3)
0 Karma

Vijeta
Influencer

@ohhhvictor Check your web.conf in system/local has httpport=8000 , also check your server.conf for sslConfig stanza and see if it has sslPassword or not. In past trying to remove sslPassword and restarting splunk has worked for me.

0 Karma

ohhhvictor
Path Finder

so, so far the configuration on:

  1. AWS
  2. putty
  3. Splunk

The are ok as you can see but I can not do anything..
Splunk is not loading the site anymore
What can be wrong?

0 Karma

ohhhvictor
Path Finder

alt text

it s not a matter of security group..I am allowing all traffic because I am learning , and I need to see traffic from different ports and monitor it

so port 443 and 8000 must be open as you can see

0 Karma

ohhhvictor
Path Finder

I was connected before in putty last week..I havent modify anything..
You mention to open port 443...Where ? in putty? I am connected through ssh., port 22 now

alt text

0 Karma

PavelP
Motivator

Hello @ohhhvictor

I'm able to connect to this IP via SSH.

  1. please edit the screenshot and mask the IP address 🙂 do it ASAP
  2. make sure you're using strong splunk password. You can change it via SSH with

    su - splunk
    splunk edit user -auth admin: -password

  3. check AWS security group -> inbound rules that 8000/TCP is allowed

  4. check iptables with iptables-save that 8000/TCP is allowed

FYI: t2.micro is too small für Splunk

Let me know how it went

0 Karma

ohhhvictor
Path Finder

alt text

0 Karma

ohhhvictor
Path Finder

alt text

0 Karma

codebuilder
SplunkTrust
SplunkTrust

You have to open up ports 443 for SSH access and 8000 for web UI access in your "inbound rules".

----
An upvote would be appreciated and Accept Solution if it helps!
0 Karma

codebuilder
SplunkTrust
SplunkTrust

Please don't respond with additional questions as "answers". Comment on only the original post or answer.

Are you using a Elastic Load Balancer (ELB) ?

----
An upvote would be appreciated and Accept Solution if it helps!
0 Karma

ohhhvictor
Path Finder

no..should I ?

0 Karma

ohhhvictor
Path Finder

I am not an expert, but this is what I think:
I don't think that I need ELB , because I don't need to load balancing between several instances.. I only have one, as you could see

What do you think?

0 Karma
Get Updates on the Splunk Community!

Using Machine Learning for Hunting Security Threats

WATCH NOW Seeing the exponential hike in global cyber threat spectrum, organizations are now striving more for ...

New Learning Videos on Topics Most Requested by You! Plus This Month’s New Splunk ...

Splunk Lantern is a customer success center that provides advice from Splunk experts on valuable data ...

How I Instrumented a Rust Application Without Knowing Rust

As a technical writer, I often have to edit or create code snippets for Splunk's distributions of ...