How to get Splunk web server?

allyandrews14
New Member

I downloaded Splunk for the MAC (I have the 10.7 version software, I'm not sure if that'll make a difference on how this works or not), read the manual, and went to the directions for /Applications/splunk/bin/splunk start. None of the items in my folder (bin) had a splunk start, there was just a splunk, splunk-optimize, splunk-optimize-lex, splunkd, splunkmon, so I chose the splunk and it logged me in and gave me all these help commands. I thought I did everything right, those were the steps I followed, and so when I try to access the Splunk web server it gave me, it keeps saying Safari can't identify this server. Do I need to download another browser so it will recognize it? I asked another question similar to this and someone said I have to make sure the local: 8000 isn't blocked. I'm not sure how to go about checking that or changing it if it is blocked on a MAC. Can someone help me? I need like a step by step process on how to go about fixing whatever's wrong.

0 Karma

MHibbin
Influencer

Not used MAC OS personally, however being a linux system check whether the splunk services are running from command-line (terminal) with...

ps -ef | grep splunkd

This is the main splunk daemon, which should be running. You can also check whether the ports are used by an application, with something like...

netstat -antp | grep 8089

OR

netstat -antp | grep 8000

However, from the way I read this, you are not starting Splunk correctly. From the terminal (command-line) as root (su) or using sudo (prepend the following with "sudo"), run the following...

/Applications/splunk/bin/splunk status

I suspect the services will be disabled, as you will need to read and accept the T's & C's, so again as root (su) or sudo (prepend the following with "sudo"), run the following...

/Applications/splunk/bin/splunk start

As I'm sure this will be your first time starting Splunk, you will be presented with all the T's & C's, which you must accept (with a "Y" when asked) to proceed. You will then be run through the initial configuration. If the ports 8000 (splunkweb) and 8089 (splunkd) are already in use, Splunk will ask for alternatives (e.g. these could be 8001 and 8090 for splunkweb and splunkd respectively). Once finished, providing there are no errors, the CLI will state that the services are started and provide you with a URL to navigate to.

If you are starting out, another useful CLI command would be...

/Applications/splunk/bin/splunk help cheatsheet

Hope this helps.

0 Karma

MHibbin
Influencer

For the su command, this basically puts you into root (the highest level user), which can be risky if you don't know what you are doing, as you can accidentally remove or modify critical system files.

sudo allows you to run some process "as root" but there are some system restrictions in place to prevent you doing anything "silly". You should still be careful when using both of these modes.

You don't have to run Splunk as root, but there may be some restrictions for this:

http://docs.splunk.com/Documentation/Splunk/latest/installation/RunSplunkasadifferentornon-rootuser

0 Karma

MHibbin
Influencer

For the netstat command you should see something like the following. This just says the splunkd process is listening on port 8089 and gives the PID (process ID) for splunkd, which you can see matches the PID for the splunkd process in ps -ef above...

[root@matt-laptop home]# netstat -antp | grep 8089
tcp 0 0 0.0.0.0:8089 0.0.0.0:* LISTEN 1154/splunkd

0 Karma

MHibbin
Influencer

For the ps command (to check for the processes) you should see something like the following, which basically says there are splunk processes running (using grep to narrow down on splunk):

[root@matt-laptop home]# ps -ef | grep splunkd | grep -v grep
root 1154 1 2 21:05 ? 00:00:06 splunkd -p 8089 start
root 1155 1154 0 21:05 ? 00:00:00 splunkd -p 8089 start

0 Karma

allyandrews14
New Member

Thank you so much MHibbin, I just had a few more questions. When I typed in su or sudo into my command line, it says I have the potential for data loss. I just want to make sure that typing that in will not cause me to lose important data or any data at all, that it was just to access splunk? I checked to see if the ports you suggested were open and also if splunk is running. But, since I'm so new to using command line, it sent back a bunch of numbers and information. I was wondering if you could tell me what exactly I'm looking for to see if everything's working?

0 Karma

yannK
Splunk Employee

Let's restart from the beginning:

1 - check that splunkweb is not disabled
run ./splunk cmd btool web list --debug
and look for startwebserver = 1

2 - restart splunk on the command line, ./splunk restart
check the URL and port of splunk web provided at the end of the launch output.
verify if you need http or https
(default should be http://localhost:8000)

3 - check that the web port is not blocked by a firewall or used by another application.

0 Karma
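
An added example, not part of any post in this thread: a small shell filter that reads `netstat -an` style output and reports only real LISTEN sockets on a given port, which avoids the false matches a plain `grep 8000` gives (port 18000, a PID of 8000, or an established connection) and shows whether the port is bound to loopback or to other interfaces. The function names and the sample lines are constructed for illustration; the filter handles both the Linux `addr:port` and the macOS `addr.port` address forms.

```shell
#!/bin/sh
# Added example: interpret netstat output for the Splunk ports (8000 web, 8089 splunkd).

# sample_netstat: constructed sample lines (not captured from a real host).
sample_netstat() {
    cat <<'EOF'
tcp 0 0 0.0.0.0:8089 0.0.0.0:* LISTEN 1154/splunkd
tcp 0 0 127.0.0.1:18000 0.0.0.0:* LISTEN 8000/other
tcp4 0 0 *.8000 *.* LISTEN
tcp4 0 0 192.168.1.5.8000 192.168.1.9.50412 ESTABLISHED
EOF
}

# listeners PORT: read netstat text on stdin and print
#   "port bind_address scope owner"
# for every TCP socket in LISTEN state whose local port is exactly PORT.
listeners() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            p = $4
            sub(/^.*[.:]/, "", p)        # keep the text after the last "." or ":"
            if (p != port) next          # exact port match, unlike grep
            addr = substr($4, 1, length($4) - length(p) - 1)
            # Loopback binds are reachable only from this machine.
            scope = (addr == "127.0.0.1" || addr == "::1") ? "loopback-only" : "non-loopback"
            # Linux "netstat -p" adds a PID/program column; macOS has none.
            owner = (NF >= 7) ? $7 : "-"
            print p, addr, scope, owner
        }'
}

# Demo on the constructed sample; on a live host use: netstat -an | listeners 8000
for port in 8000 8089; do
    sample_netstat | listeners "$port"
done
```

An empty result for a port means nothing is listening there, so the service is not started or is using a different port.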