Details:- Classic Load balancer and Splnk 6.6.3 version
We are able to connect port 8000 when try with http;//IP:8000 but are unable to access GUI via ELB DNS name http://ELB:8000 .
We deployed in VPC, enabled network Security group rules internally between ELB and EC2 instance.
Below are the ELB configurations:-
Ping Target:- HTTP:8000/en-US/account/login?return_to=%2Fen-US%2F Timeout: 10 seconds Interval: 30 seconds Un healthy threshold: 2 Healthy threshold: 10
Health check is "Inservice" — currently we are using only 1 Availability zone — Instance is healthy
Listeners:- ELB -HTTP -8000- Instance protocol - HTTP -8000
Able to open GUI using IP - http://IP:8000 , but not able to access via ELB name. Do we need to make any changes to ELB configurations..? Is any one gone through this same issue, Appreciate your help.
We are facing this issue even with HTTP Protocol. ELB-> HTTP ->8000 - Instance protocol- HTTP -> 8000 , Looking for recommended ways to configure ELB settings for HTTPS.
After hours of struggle made few modifications, finally we were able to open GUI using the ELB name on HTTP. But now the issue is with HTTPS protocol. Getting ELB health check failures (instance "Out of service" )over HTTPS protocol
We have enabled splunkwebSSL in local web.conf, and made changes to the ELB settings as below
Timeout: 10 seconds
Interval: 30 seconds
Only time we are getting health check to work properly is when changing to TCP protocol, TCP:8000 but TCP is not the port we want to use as it only looks for a listening port and not that Splunk is running. As per Splunk previous answers on same issues, we did verified web.conf under /splunk_home/splunk/etc/system/default/web.conf for TLS1.2 version cyperSuite.
it is exist in our splunk web.conf default path :-
sslVersions = tls1.2
cipherSuite = ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
ecdhCurves = prime256v1, secp384r1, secp521r1
we are seeing this issue on Splunk 6.6.3
Nope, we haven't configured backend authentication, just enabled splunk default SSL.
Web gui running on https://IP:8000
Using TCP protocol on ELB configurations, ELB Listener TCP - 8000, Instance listener TCP 8000