Dashboards & Visualizations

Running splunk on Godaddy CentOS server

jamesingham
New Member

Hey

I've got my splunk install running on my godaddy server. When I call ./splunk start I get a message saying this:

The Splunk web interface is at http://xxx.secureserver.net:8000

However when I call this it doesn't load, and if I change the port I get a default pageok godaddy page.

Is there anyway to change the url that splunk loads from? Maybe feeding it into my html folder or something?

EDIT:

This is what I get when I call ./splunk start:

Splunk> Take the sh out of IT.

Checking prerequisites...

Checking http port [8000]: open

Checking mgmt port [8089]: open

Checking configuration... Done.

Checking index directory...

Validated databases: _audit _blocksignature _internal _thefishbucket history main summary

Done

Success

Checking conf files for typos...

All preliminary checks passed.

Starting splunk server daemon (splunkd)...

                                                       [  OK  ]

                                                       [  OK  ]

Done.Starting splunkweb... Done.

If you get stuck, we're here to help.

Look for answers here: http://www.splunk.com/base/Documentation

The Splunk web interface is at http://xxx.secureserver.net:8000

When I say the page doesn't load, I mean it sends the request but just times out.

0 Karma

perrydc
New Member

I talked to a godaddy representative and he confirmed that they had a security policy blocking access to the 8000 port. They declined to make an exception to the security policy.

0 Karma

Jason
Motivator

In that case, have SplunkWeb (port 8000) run on another port by editing web.conf, either in an app or in etc/system/local:

[settings]
httpport=1234

(change to represent port you wish to use)

0 Karma

gkanapathy
Splunk Employee
Splunk Employee

Agree with southeringtonp. It's probably a firewall/iptables setting blocking external access to that port. The port is open as you have noted, but is being blocked by the OS iptables firewall/filter.

0 Karma

jamesingham
New Member

Do you think I could install a proxy server or something to access it?

0 Karma

southeringtonp
Motivator

When it "doesn't load", what precisely happens? Does it come back immediately, or does it sit for 30-60 seconds and time out?

The most likely problem is a firewall issue, either on your virtual host or a restriction enforced by GoDaddy. You'd trypically see a delay rather than an immedaite response if that's the case.

A couple of very generic things to try:

  • If it's on the CentOS host, you may need to edit /etc/sysconfig/iptables and add a rule to permit access to port 8000. This link may help.

  • Also, try running netstat -an --tcp, and make sure that you see Splunk listening on port 8000.

southeringtonp
Motivator

Sorry, typo. There's no 't' in sysconfig. See edit and additional link above.

0 Karma

jamesingham
New Member

Also, in the sysconfig folder (there is no systconfig :/) in /etc, I see no iptables! My linux build is CentOS release 5.2 (Final).

0 Karma

jamesingham
New Member

If you look at my edit, it appears that the http port is open. I guess I need it listening on TCP as well? When I run netstat the first thing I see is tcp 0 0 0.0.0.0:8000 0.0.0.0:* LISTEN I see this for 8089 as well but nothing else for either port.

0 Karma
Get Updates on the Splunk Community!

Take Your Breath Away with Splunk Risk-Based Alerting (RBA)

WATCH NOW!The Splunk Guide to Risk-Based Alerting is here to empower your SOC like never before. Join Haylee ...

SignalFlow: What? Why? How?

What is SignalFlow? Splunk Observability Cloud’s analytics engine, SignalFlow, opens up a world of in-depth ...

Federated Search for Amazon S3 | Key Use Cases to Streamline Compliance Workflows

Modern business operations are supported by data compliance. As regulations evolve, organizations must ...