Archive

Cant connect to port 8089 non-localhost, just only localhost

Explorer

I'm just install splunk enterprise in centos 7 , but i cant connect splunk enterprise with port 8089 by python sdk in non-localhost, but i can connect and run script in localhost , anyone have solve ?

Tags (1)
0 Karma
1 Solution

Splunk Employee
Splunk Employee

Hi s2upin,

you probably need to add the port to firewalld.

first, verify that splunkd is indeed listening:

[splunker@n00bserver ~]$ ss -tulpn | grep 8089
tcp    LISTEN     0      128       *:8089                  *:*                   users:(("splunkd",pid=11047,fd=5))

The do:

firewall-cmd --add-port 8089/tcp --permanent
firewall-cmd --reload

Verify with:

[root@n00bserver ~]# firewall-cmd --list-ports
5907/tcp 1022/tcp 5908/tcp 5222/tcp 9997/tcp 8089/tcp 5900/tcp 5901/tcp 5904/tcp 5905/tcp 80/tcp 514/udp 8000/tcp 5902/tcp 5903/tcp 5906/tcp

View solution in original post

0 Karma

Splunk Employee
Splunk Employee

Hi s2upin,

you probably need to add the port to firewalld.

first, verify that splunkd is indeed listening:

[splunker@n00bserver ~]$ ss -tulpn | grep 8089
tcp    LISTEN     0      128       *:8089                  *:*                   users:(("splunkd",pid=11047,fd=5))

The do:

firewall-cmd --add-port 8089/tcp --permanent
firewall-cmd --reload

Verify with:

[root@n00bserver ~]# firewall-cmd --list-ports
5907/tcp 1022/tcp 5908/tcp 5222/tcp 9997/tcp 8089/tcp 5900/tcp 5901/tcp 5904/tcp 5905/tcp 80/tcp 514/udp 8000/tcp 5902/tcp 5903/tcp 5906/tcp

View solution in original post

0 Karma

Explorer

Tks you so much 😄

0 Karma

Splunk Employee
Splunk Employee

Probably a firewall issue

On local host run:
systemctl stop firewalld
If that fixes the issue, then you know it is the firewall on the local host. If that does not fix the issue then most likley there is another firewall off the box.

If the first one fixes your issue then the solution would be to create a firewall policy that would allow remote connectivity to your box on the splunk ports and turn your firewall back on.

Okie

0 Karma

Splunk Employee
Splunk Employee

Examples below

Splunk Enterprise also requires several ports to be opened through the firewall(s). To allow
these ports through the built-in firewalld on RHEL enter the following commands:
sudo firewall-cmd -permanent --add-port =8000/tcp
sudo firewall-cmd -permanent --add-port =9997/tcp
sudo firewall-cmd -permanent --add-port =514/tcp
sudo firewall-cmd -permanent --add-port =514/udp
sudo firewall-cmd -reload
sudo firewall-cmd -list-ports
0 Karma