Cannot access Splunk from remote computers?

rockb
Explorer

I have Splunk installed on a machine running Windows 10 that is compliant with all Windows 10 STIGs.  I can access Splunk from that machine but no others.  I can ping the Splunk box from other machines.

I have tried disabling the firewall but the symptoms persist.  

I figure it is a setting associated with a STIG and am hoping someone here has run into this before and remembers what it is.

0 Karma

BG
Explorer

Presumably if you run 'netstat -ano' it shows the Splunk service listening on port 8000, otherwise you wouldn't be able to connect on the local machine.

Have you tried serving any other application to check if external hosts can connect (something not on port 8000 obviously)?

As already stated, I don't think ping is relevant as even with the Windows firewall enabled, ICMP isn't disabled.

Can you clarify how your 'STIG' compliant OS is different to standard Windows 10? If you're wanting the most secure machine to host Splunk Enterprise, wouldn't you just go with Server 2019 or Linux (I realise that's an entirely separate topic, but we don't know what security features you've added to Windows 10 for the STIG compliance, so it's difficult to advise what might be blocking traffic). 

0 Karma

gcusello
SplunkTrust

Hi @rockb,

Ping isn't relevant. Did you try to check the connection with telnet?

telnet <ip_splunk_server> 8000

If you haven't, install it for the test.

If you cannot, there's a firewall route problem: it could be an intermediate or a local firewall issue.

If you can, there's something else.

Which browser are you using? Don't use Edge or Explorer.

Ciao.

Giuseppe

0 Karma
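
An added example (not code from any poster in this thread) combining the two checks suggested above: reading `netstat -ano` output for the address the port 8000 listener is bound to, and a TCP connect test that stands in for `telnet <ip_splunk_server> 8000` on a client without telnet installed. The netstat text, PIDs and addresses are constructed sample data, and the function names are hypothetical.

```python
import socket

# Constructed sample of `netstat -ano` output (not taken from the thread).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       1012
  TCP    127.0.0.1:8000         0.0.0.0:0              LISTENING       4312
  TCP    0.0.0.0:8089           0.0.0.0:0              LISTENING       4312
  TCP    [::]:8089              [::]:0                 LISTENING       4312
  TCP    192.168.1.20:8000      192.168.1.20:51522     ESTABLISHED     4312
"""

def listeners(netstat_text, port):
    """Return (bind_address, pid) for every TCP socket LISTENING on `port`."""
    found = []
    for line in netstat_text.splitlines():
        cols = line.split()
        if len(cols) != 5 or cols[0] != "TCP" or cols[3] != "LISTENING":
            continue  # skips the header, UDP rows and non-listening sockets
        addr, _, local_port = cols[1].rpartition(":")
        if local_port == str(port):
            found.append((addr.strip("[]"), int(cols[4])))
    return found

def scope(bind_address):
    """Classify which clients can reach a listener bound to this address."""
    if bind_address in ("0.0.0.0", "::"):
        return "all interfaces"
    if bind_address == "::1" or bind_address.startswith("127."):
        return "loopback only"
    return "one interface"

def probe(host, port, timeout=3.0):
    """TCP connect test: the same question `telnet host port` answers."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"    # the target actively rejected the connection
    except OSError:
        return "no answer"  # timed out or unreachable

if __name__ == "__main__":
    for addr, pid in listeners(SAMPLE_NETSTAT, 8000):
        print(f"port 8000 bound to {addr} ({scope(addr)}), PID {pid}")
```

Run `listeners` on the server's own `netstat -ano` output and `probe` from a remote client; a "loopback only" listener explains local-only access regardless of firewall state, while "refused" versus "no answer" separates an active rejection from silently dropped packets.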

rockb
Explorer

Unable to connect via Telnet on 8000.

I temporarily disabled the firewall and was still unable to connect via Telnet on 8000.

0 Karma

gcusello
SplunkTrust

Hi @rockb,

Did you check both local and intermediate firewalls?

Telnet on the port not working means that you cannot reach the host on that port.

Ciao.

Giuseppe

0 Karma

rockb
Explorer

They are both plugged into the same switch (SOHO router).  No intermediate firewalls.

0 Karma

gcusello
SplunkTrust

Hi @rockb

As I said, telnet on port 8000 not working means that there's something blocking the connection, maybe a local firewall.

Did you enable HTTPS or not?

How do you access it locally?

Ciao.

Giuseppe

0 Karma

rockb
Explorer

It is not a local firewall as I cannot access with the firewall disabled.

0 Karma