All Apps and Add-ons

Why are we unable to access Splunk web GUI via Amazon Web Services (AWS) Elastic Load Balancing (ELB) DNS name?

vicky58
Explorer

We ran into an issue where we are unable to access Splunk web GUI using Amazon Web Services (AWS) Elastic Load Balancing (ELB) DNS name example:- http://ELB:PORT or https://ELB/en-US/account/login.

Details:- Classic Load balancer and Splnk 6.6.3 version

We are able to connect port 8000 when try with http;//IP:8000 but are unable to access GUI via ELB DNS name http://ELB:8000 .

We deployed in VPC, enabled network Security group rules internally between ELB and EC2 instance.

Below are the ELB configurations:-

Ping Target:-   
HTTP:8000/en-US/account/login?return_to=%2Fen-US%2F
Timeout: 10 seconds
Interval: 30 seconds
Un healthy threshold: 2
Healthy threshold: 10

Health check is "Inservice" — currently we are using only 1 Availability zone — Instance is healthy

Listeners:- ELB -HTTP -8000- Instance protocol - HTTP -8000

Able to open GUI using IP - http://IP:8000 , but not able to access via ELB name. Do we need to make any changes to ELB configurations..? Is any one gone through this same issue, Appreciate your help.

-> Also we tested by on enabling the HTTPS on web.conf
enableSplunkWebSSL = true, Able to open GUI on Https://IP:PORT but not Https://ELB:PORT

We are facing this issue even with HTTP Protocol. ELB-> HTTP ->8000 - Instance protocol- HTTP -> 8000 , Looking for recommended ways to configure ELB settings for HTTPS.

vicky58
Explorer

After hours of struggle made few modifications, finally we were able to open GUI using the ELB name on HTTP. But now the issue is with HTTPS protocol. Getting ELB health check failures (instance "Out of service" )over HTTPS protocol

We have enabled splunkwebSSL in local web.conf, and made changes to the ELB settings as below

Target Path:HTTPS:8000/en-US/account/login?return_to=%2Fen-US%2F
Timeout: 10 seconds
Interval: 30 seconds

Only time we are getting health check to work properly is when changing to TCP protocol, TCP:8000 but TCP is not the port we want to use as it only looks for a listening port and not that Splunk is running. As per Splunk previous answers on same issues, we did verified web.conf under /splunk_home/splunk/etc/system/default/web.conf for TLS1.2 version cyperSuite.

it is exist in our splunk web.conf default path :-

ciphers to cipherSuite:

ECDHE-RSA-AES128-SHA

sslVersions = tls1.2
cipherSuite = ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
ecdhCurves = prime256v1, secp384r1, secp521r1

we are seeing this issue on Splunk 6.6.3

0 Karma

back2root
Path Finder

Do you have Backend authentication enabled and if so have you configured the right back end server certificate within AWS ELB?

0 Karma

vicky58
Explorer

Nope, we haven't configured backend authentication, just enabled splunk default SSL.
/local/web.conf
[settings]
enableSplunkwebSSL true

Web gui running on https://IP:8000

Using TCP protocol on ELB configurations, ELB Listener TCP - 8000, Instance listener TCP 8000

0 Karma

khoitoy
Observer

hi there, any luck with this?  I'm having the exact same issue

0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...