I've just finished installing splunk on a new box w/ CentOS installed. I think everything went well, but I'm kinda new to CentOS CLI. Anyways, I can ping new box from my PC and can ping my PC from new box....but when I go to http://ip_of_new_box:8000 it doesnt bring up the UI. I use 8000 because it's the default and I dont remember doing anything else.
Where do I start?
This would appear to be a Linux system administration question, rather than a matter for Splunk.
You probably have issues with the default local firewall rules not allowing access to port 8000 as a service. Unfortunately recent releases of CentOS no use the firewall daemon and no longer allow interactive configuration of the firewall rules with the command line tool system-config-firewall-tui
, which has made it (IMO) unnecessarily complicated.
sudo -s
. (You DO have your own account and don't just use root willy nilly, I hope.)iptables -L
.Also check, whilst still elevated to superuser, netstat -pant
. This should show a port 8000 listening on 0.0.0.0 (i.e. all available addresses).
(This is not really a Linux novice problem.)
This would appear to be a Linux system administration question, rather than a matter for Splunk.
You probably have issues with the default local firewall rules not allowing access to port 8000 as a service. Unfortunately recent releases of CentOS no use the firewall daemon and no longer allow interactive configuration of the firewall rules with the command line tool system-config-firewall-tui
, which has made it (IMO) unnecessarily complicated.
sudo -s
. (You DO have your own account and don't just use root willy nilly, I hope.)iptables -L
.Also check, whilst still elevated to superuser, netstat -pant
. This should show a port 8000 listening on 0.0.0.0 (i.e. all available addresses).
(This is not really a Linux novice problem.)
You have a doc or instructions on how to enable just access from within our network?
Not really within the scope of the Splunk forums. If it was CentOS 5 I'd say su then issue the command system-config-firewall-tui, but with CentOS 6 running firewalld, it's a different ball game. To be honest I have not yet really configured one. (There are a lot of the CentIOS 6 and 7 changes I really don't like.)
For generic Linux admin questions you would be far better off consulting online documentation and support sites. (Linuxquestions.org is a start, although if you start asking questions pretty much anywhere without first having read the documentation you're not going to get a friendly reception.)
It was iptables, just shut that off and boom! it worked 🙂
OK, but that's not really the correct response. You should modify the local firewall to accomodate Splunk, not just hit it with a hammer. 😉
That said, please mark the answer as accepted, so others can see it has been solved.
Run $SPLUNK_HOME/bin/splunk status
to verify Splunk is running.
Check the server.socket_host
setting in your $SPLUNK_HOME/etc/system/defaults/web.conf
file. If you have to make a change, copy the file to $SPLUNK_HOME/etc/system/local
first.