Hey
I've got my splunk install running on my godaddy server. When I call ./splunk start
I get a message saying this:
The Splunk web interface is at http://xxx.secureserver.net:8000
However when I call this it doesn't load, and if I change the port I get a default pageok godaddy page.
Is there anyway to change the url that splunk loads from? Maybe feeding it into my html folder or something?
EDIT:
This is what I get when I call ./splunk start
:
Splunk> Take the sh out of IT.
Checking prerequisites...
Checking http port [8000]: open
Checking mgmt port [8089]: open
Checking configuration... Done.
Checking index directory...
Validated databases: _audit _blocksignature _internal _thefishbucket history main summary
Done
Success
Checking conf files for typos...
All preliminary checks passed.
Starting splunk server daemon (splunkd)...
[ OK ] [ OK ]
Done.Starting splunkweb... Done.
If you get stuck, we're here to help.
Look for answers here: http://www.splunk.com/base/Documentation
The Splunk web interface is at http://xxx.secureserver.net:8000
When I say the page doesn't load, I mean it sends the request but just times out.
I talked to a godaddy representative and he confirmed that they had a security policy blocking access to the 8000 port. They declined to make an exception to the security policy.
In that case, have SplunkWeb (port 8000) run on another port by editing web.conf, either in an app or in etc/system/local:
[settings]
httpport=1234
(change to represent port you wish to use)
Agree with southeringtonp. It's probably a firewall/iptables setting blocking external access to that port. The port is open as you have noted, but is being blocked by the OS iptables firewall/filter.
Do you think I could install a proxy server or something to access it?
When it "doesn't load", what precisely happens? Does it come back immediately, or does it sit for 30-60 seconds and time out?
The most likely problem is a firewall issue, either on your virtual host or a restriction enforced by GoDaddy. You'd trypically see a delay rather than an immedaite response if that's the case.
A couple of very generic things to try:
If it's on the CentOS host, you may need to edit /etc/sysconfig/iptables
and add a rule to permit access to port 8000. This link may help.
Also, try running netstat -an --tcp
, and make sure that you see Splunk listening on port 8000.
Sorry, typo. There's no 't' in sysconfig. See edit and additional link above.
Also, in the sysconfig folder (there is no systconfig :/) in /etc, I see no iptables! My linux build is CentOS release 5.2 (Final).
If you look at my edit, it appears that the http port is open. I guess I need it listening on TCP as well? When I run netstat the first thing I see is tcp 0 0 0.0.0.0:8000 0.0.0.0:* LISTEN
I see this for 8089 as well but nothing else for either port.