
accessing splunk deployed on amazon ec2 instance

Hello,

This is my first question related to Splunk.
The installation says I can access Splunk using

The Splunk web interface is at http://ip-10-28-X-X:8000

Since it is displaying the internal DNS name, I am sure it will not work. So I tried using the public DNS name that Amazon provides and made the necessary changes to the security group to allow TCP connections to port 8000.

This did not help me load the Splunk login page.
All Splunk daemons are running.

I also tried making changes to server.conf and inputs.conf by updating the hostname to public DNS name without any success.

What am I missing here?

Sunny

0 Karma

Re: accessing splunk deployed on amazon ec2 instance

Influencer

I have played around with some AWS servers, and the general blockage would be with the OS-level firewall (e.g. if you are using Linux as the OS, it will have iptables switched on by default).

You will either need to reconfigure iptables to allow your communication to the server (e.g. 8000), or you will need to switch iptables off, which is my normal preference for the cases that I have had (i.e. just using them myself).

The following helps with switching off (which you can use for testing purposes, at a minimum):

http://www.cyberciti.biz/faq/turn-on-turn-off-firewall-in-linux/

I would also look at assigning the server an AWS elastic IP, as this will allow you to connect via a public IP address (also easier when troubleshooting). I believe these are free, as long as you are using the elastic IP and it is not being "wasted" (i.e. not in use, when someone else could be using it). So as long as the elastic IP is attached to your server, you should be okay.

0 Karma

Re: accessing splunk deployed on amazon ec2 instance

iptables is switched off on my EC2 instance.

I was planning to assign an elastic IP to my instance and try this thing out. Will update once I am done with testing it.

Thanks

0 Karma

Re: accessing splunk deployed on amazon ec2 instance

I tried using an elastic IP and that did not work either.

netstat -an | grep 8000

tcp 0 0 0.0.0.0:8000 0.0.0.0:* LISTEN

Do I need to open the mgmt port too? And to whom?

0 Karma

Re: accessing splunk deployed on amazon ec2 instance

Influencer

When you start Splunk, it should try to take ownership of 8000 and 8089 (mgmt). To confirm both ports, you should be able to use the following:

netstat -antp | egrep '8000|8089'

0 Karma

Re: accessing splunk deployed on amazon ec2 instance

SplunkTrust

I have an EC2 instance running Splunk as well. I have allowed 443, 80, and 8000 using the AWS Security Group. I access it using the public DNS provided by Amazon.


Re: accessing splunk deployed on amazon ec2 instance

Should httpd be running on my EC2 instance, or is a different instance of httpd running under Splunk?

I opened port 80 in the security group and started httpd. I was able to access the Apache home page. However, I am still not able to access ec2publicdns:8000


Re: accessing splunk deployed on amazon ec2 instance

Well, it turned out that my company blocks outward traffic to non-standard ports. So when I changed port 8000 to 80 in web.conf and restarted Splunk, I was able to access the URL.


Re: accessing splunk deployed on amazon ec2 instance

Engager

This was my issue and fix too ('cept I ended up having to create the web.conf file and using 8080).

0 Karma
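
The troubleshooting path in this thread, as an added example that is not part of the original posts or Splunk's own tooling: a client-side probe that separates "connection refused" from "silently dropped" and compares the Splunk web port with a control port. The function names are hypothetical, and it assumes the control port (80 here) has a listener and is allowed by the security group, as it was once httpd was started in the thread.

```python
import errno
import socket

def classify_tcp(host, port, timeout=3.0):
    """One TCP connect attempt -> open / refused / filtered / unreachable / dns-failure."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"          # three-way handshake completed
    except socket.gaierror:
        return "dns-failure"       # name did not resolve from this client
    except ConnectionRefusedError:
        return "refused"           # RST came back: no listener, or a REJECT rule
    except (socket.timeout, TimeoutError):
        return "filtered"          # SYN was dropped silently somewhere on the path
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "unreachable"
        raise

def interpret(results, web_port=8000, control_port=80):
    """Turn {port: state} gathered from one client into the next thing to check."""
    web, control = results.get(web_port), results.get(control_port)
    if web == "open":
        return "web port reachable from this client"
    if web == "refused":
        return "host answered but rejected the port: check listener and bind address"
    if web == "filtered" and control == "open":
        return ("only the non-standard port is dropped: check the security group "
                "rule, then client-side egress filtering")
    if web == "filtered":
        return "nothing gets through: check address, security group and host firewall"
    return "inconclusive: state=%s" % web

def probe(host, ports=(8000, 80), timeout=3.0):
    """Run from the machine the browser is on, not from the EC2 instance."""
    return {p: classify_tcp(host, p, timeout) for p in ports}

if __name__ == "__main__":
    # Constructed result matching the thread: port 80 answers, port 8000 times out.
    sample = {8000: "filtered", 80: "open"}
    print(interpret(sample))
```

Running `probe()` from a second network (for example a home connection) and getting "open" on 8000 there points at the first client's outbound filtering rather than at the instance.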