Splunkweb login is not working

mataharry
Communicator

I'm getting the error message above while trying to log in to the interface.
In IE, the tab also reads Login - Splunk UNKNOWN_VERSION(000) even though I have a valid license installed.

This is my indexer/deployment-server/search-head/coffee-maker.

1 Solution

yannK
Splunk Employee

So your server is an indexer, a search head and a deployment server?
Do you have an idea of how many deployment clients connect to it?

Usually when the web interface is not displaying the version, this is because the splunkd (management port 8089) process is not responding to the splunkweb process.

  • because after a restart splunkd is busy (rebuilding the buckets, for example)
  • or because too many deployment clients are connected to splunkd on port 8089, which is also used for the deployment.

The short-term solution is to disable the deployment server and change the management port from 8089 to another port (like 8090)
in $SPLUNK_HOME/etc/system/local/web.conf
([settings] mgmtHostPort).
That way the deployment clients will not be served.

The long-term solution is to set up a dedicated deployment server.
See http://splunk-base.splunk.com/answers/26620/how-many-clients-can-one-deployment-server-manage
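
An added example, not part of the answer above and not Splunk's own tooling: a Python check for the second cause, counting established connections to the management port per peer from `ss -tn` output, plus a reader for the `mgmtHostPort` setting. The sample `ss` capture, the sample web.conf text and all function names are constructed for illustration; it assumes 127.0.0.1:8089 as the default when `mgmtHostPort` is unset and that loopback connections come from splunkweb on the same host.

```python
import configparser
from collections import Counter

# Constructed sample inputs (not taken from the original post).
SAMPLE_WEB_CONF = "[settings]\nmgmtHostPort = 127.0.0.1:8090\n"
SAMPLE_SS = """\
State     Recv-Q Send-Q Local Address:Port Peer Address:Port
ESTAB     0      0      10.0.0.5:8089      10.0.1.21:51544
ESTAB     0      0      10.0.0.5:8089      10.0.1.22:40112
ESTAB     0      0      10.0.0.5:8089      10.0.1.21:51580
ESTAB     0      0      127.0.0.1:8089     127.0.0.1:38710
ESTAB     0      0      10.0.0.5:8000      10.0.9.9:60000
TIME-WAIT 0      0      10.0.0.5:8089      10.0.1.23:40200
"""

def mgmt_host_port(web_conf_text, default="127.0.0.1:8089"):
    """Return (host, port) from [settings] mgmtHostPort in web.conf text."""
    cp = configparser.ConfigParser(strict=False, interpolation=None)
    cp.read_string(web_conf_text)
    value = cp.get("settings", "mgmtHostPort", fallback=default)
    host, _, port = value.strip().rpartition(":")
    return host, int(port)

def mgmt_peers(ss_output, port):
    """Count established TCP connections to local `port`, keyed by peer address."""
    peers = Counter()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "ESTAB":
            continue  # header, other TCP states, malformed lines
        if fields[3].rpartition(":")[2] == str(port):
            peers[fields[4].rpartition(":")[0]] += 1
    return peers

def summarize(peers, loopback=("127.0.0.1", "[::1]")):
    """Split peers into remote clients and loopback (assumed splunkweb) connections."""
    remote = {ip: n for ip, n in peers.items() if ip not in loopback}
    local = sum(n for ip, n in peers.items() if ip in loopback)
    return {"remote_hosts": len(remote), "remote_conns": sum(remote.values()),
            "local_conns": local}

if __name__ == "__main__":
    host, port = mgmt_host_port(SAMPLE_WEB_CONF)
    print("web.conf mgmtHostPort:", host, port)
    # The sample capture represents a host where splunkd still listens on 8089.
    print(summarize(mgmt_peers(SAMPLE_SS, 8089)))
```

On a live host, feed `mgmt_peers` the text of `ss -tn` instead of the sample; a large `remote_hosts` count on the management port points to the deployment-client load described above.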
