All Apps and Add-ons

Why are we unable to access Splunk web GUI via Amazon Web Services (AWS) Elastic Load Balancing (ELB) DNS name?

vicky58
Explorer

We ran into an issue where we are unable to access Splunk web GUI using Amazon Web Services (AWS) Elastic Load Balancing (ELB) DNS name example:- http://ELB:PORT or https://ELB/en-US/account/login.

Details:- Classic Load balancer and Splnk 6.6.3 version

We are able to connect port 8000 when try with http;//IP:8000 but are unable to access GUI via ELB DNS name http://ELB:8000 .

We deployed in VPC, enabled network Security group rules internally between ELB and EC2 instance.

Below are the ELB configurations:-

Ping Target:-   
HTTP:8000/en-US/account/login?return_to=%2Fen-US%2F
Timeout: 10 seconds
Interval: 30 seconds
Un healthy threshold: 2
Healthy threshold: 10

Health check is "Inservice" — currently we are using only 1 Availability zone — Instance is healthy

Listeners:- ELB -HTTP -8000- Instance protocol - HTTP -8000

Able to open GUI using IP - http://IP:8000 , but not able to access via ELB name. Do we need to make any changes to ELB configurations..? Is any one gone through this same issue, Appreciate your help.

-> Also we tested by on enabling the HTTPS on web.conf
enableSplunkWebSSL = true, Able to open GUI on Https://IP:PORT but not Https://ELB:PORT

We are facing this issue even with HTTP Protocol. ELB-> HTTP ->8000 - Instance protocol- HTTP -> 8000 , Looking for recommended ways to configure ELB settings for HTTPS.

vicky58
Explorer

After hours of struggle made few modifications, finally we were able to open GUI using the ELB name on HTTP. But now the issue is with HTTPS protocol. Getting ELB health check failures (instance "Out of service" )over HTTPS protocol

We have enabled splunkwebSSL in local web.conf, and made changes to the ELB settings as below

Target Path:HTTPS:8000/en-US/account/login?return_to=%2Fen-US%2F
Timeout: 10 seconds
Interval: 30 seconds

Only time we are getting health check to work properly is when changing to TCP protocol, TCP:8000 but TCP is not the port we want to use as it only looks for a listening port and not that Splunk is running. As per Splunk previous answers on same issues, we did verified web.conf under /splunk_home/splunk/etc/system/default/web.conf for TLS1.2 version cyperSuite.

it is exist in our splunk web.conf default path :-

ciphers to cipherSuite:

ECDHE-RSA-AES128-SHA

sslVersions = tls1.2
cipherSuite = ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
ecdhCurves = prime256v1, secp384r1, secp521r1

we are seeing this issue on Splunk 6.6.3

0 Karma

back2root
Path Finder

Do you have Backend authentication enabled and if so have you configured the right back end server certificate within AWS ELB?

0 Karma

vicky58
Explorer

Nope, we haven't configured backend authentication, just enabled splunk default SSL.
/local/web.conf
[settings]
enableSplunkwebSSL true

Web gui running on https://IP:8000

Using TCP protocol on ELB configurations, ELB Listener TCP - 8000, Instance listener TCP 8000

0 Karma

khoitoy
Observer

hi there, any luck with this?  I'm having the exact same issue

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...