Deployment Architecture

Why can't I access the UI on new Splunk install on CentOS?

Path Finder

I've just finished installing splunk on a new box w/ CentOS installed. I think everything went well, but I'm kinda new to CentOS CLI. Anyways, I can ping new box from my PC and can ping my PC from new box....but when I go to http://ip_of_new_box:8000 it doesnt bring up the UI. I use 8000 because it's the default and I dont remember doing anything else.

Where do I start?

Tags (3)
0 Karma
1 Solution

Motivator

This would appear to be a Linux system administration question, rather than a matter for Splunk.

You probably have issues with the default local firewall rules not allowing access to port 8000 as a service. Unfortunately recent releases of CentOS no use the firewall daemon and no longer allow interactive configuration of the firewall rules with the command line tool system-config-firewall-tui, which has made it (IMO) unnecessarily complicated.

  1. Log in
  2. Elevate yourself to administration status sudo -s. (You DO have your own account and don't just use root willy nilly, I hope.)
  3. Inspect the firewall rules iptables -L.

Also check, whilst still elevated to superuser, netstat -pant. This should show a port 8000 listening on 0.0.0.0 (i.e. all available addresses).

(This is not really a Linux novice problem.)

View solution in original post

Motivator

This would appear to be a Linux system administration question, rather than a matter for Splunk.

You probably have issues with the default local firewall rules not allowing access to port 8000 as a service. Unfortunately recent releases of CentOS no use the firewall daemon and no longer allow interactive configuration of the firewall rules with the command line tool system-config-firewall-tui, which has made it (IMO) unnecessarily complicated.

  1. Log in
  2. Elevate yourself to administration status sudo -s. (You DO have your own account and don't just use root willy nilly, I hope.)
  3. Inspect the firewall rules iptables -L.

Also check, whilst still elevated to superuser, netstat -pant. This should show a port 8000 listening on 0.0.0.0 (i.e. all available addresses).

(This is not really a Linux novice problem.)

View solution in original post

Path Finder

You have a doc or instructions on how to enable just access from within our network?

0 Karma

Motivator

Not really within the scope of the Splunk forums. If it was CentOS 5 I'd say su then issue the command system-config-firewall-tui, but with CentOS 6 running firewalld, it's a different ball game. To be honest I have not yet really configured one. (There are a lot of the CentIOS 6 and 7 changes I really don't like.)

For generic Linux admin questions you would be far better off consulting online documentation and support sites. (Linuxquestions.org is a start, although if you start asking questions pretty much anywhere without first having read the documentation you're not going to get a friendly reception.)

0 Karma

Path Finder

It was iptables, just shut that off and boom! it worked 🙂

0 Karma

Motivator

OK, but that's not really the correct response. You should modify the local firewall to accomodate Splunk, not just hit it with a hammer. 😉

That said, please mark the answer as accepted, so others can see it has been solved.

0 Karma

SplunkTrust
SplunkTrust

Run $SPLUNK_HOME/bin/splunk status to verify Splunk is running.
Check the server.socket_host setting in your $SPLUNK_HOME/etc/system/defaults/web.conf file. If you have to make a change, copy the file to $SPLUNK_HOME/etc/system/local first.

---
If this reply helps you, an upvote would be appreciated.
0 Karma