In my organization, we use Splunk on a completely isolated network. I'd like to make it so that my users can just enter in a DNS name into their browser address bar (i.e. http://splunk/
) instead of having to enter http://<node_ip_address>:8000
. As you may have guessed, I have zero experience when it comes to web hosting configuration.
I have Splunk installed on a Windows Server 2008 R2 x64 machine, and Splunk is its only purpose. I've set the name of this box to "Splunk", and it has entries in our DNS. I changed the port on the Splunk box to 80. On the local machine (machine named "Splunk"), it works like a charm, I enter http://splunk/
and it goes to the sign in page. But on the rest of the network, I get "server timed out" messages. I tried turning off the firewall on the "Splunk" machine just to see if that would help but no dice.
I should also add that we host no other corporate sites or web services, Splunk will be the only one for the foreseeable future.
Any ideas on how to make this work? Do I have to install (and learn) IIS or something like that? Any help is greatly appreciated!
You will have to change the http port on the Splunk server to 80 in order to use a simple url.
Is there a physical Firewall? If so it may require a firewall rule opened up to allow port 80 traffic to your Splunk server.
Since your server is already named splunk and you can ping it by putting in splunk you should be good to go. If your server is in a different DNS zone, then you will have to create an A Record for your zone that points to the server's ip. You can do a CNAME to cross zones, but that is a DISA finding.
You will have to change the http port on the Splunk server to 80 in order to use a simple url.
Is there a physical Firewall? If so it may require a firewall rule opened up to allow port 80 traffic to your Splunk server.
Since your server is already named splunk and you can ping it by putting in splunk you should be good to go. If your server is in a different DNS zone, then you will have to create an A Record for your zone that points to the server's ip. You can do a CNAME to cross zones, but that is a DISA finding.
My guess is that your users do not have a valid route to your Splunk server. On the rest of the network, try
ping splunk
or
ping theSplunkIPAddress
whatever the ip address is. If you can't ping, you probably need to work with your networking team. It sounds like a firewall problem, but I don't think it is on your Splunk server...
Thank you for your response, lguinn! Following your suggestion, I can ping the Splunk machine from the DC, both by name and by ip address, but I can't get to the Splunk homepage from the DC. I'll have to look at the firewall on the DC and see if there might be anything causing it to block the connection attempt.