Why can't I connect to splunk when using VM - splu...

Christians86 · ‎08-03-2021

Hi, I have had this problem twice now on two different computers.

I install debian/ubuntu
Then I use the .deb file from splunk.com - the newest you get when you start your trial
I then make a VM based on a distro of ubuntu/debian and install
Everything workes fine, I use my own user, not the root user to install
I follow the steps of https://www.bitsioinc.com/tutorials/install-splunk-linux/
Splunk starts and works fine. No problems..until I restart the VM. Then localhost:8000 and the external ip both stop working and splunk web gui is not possible to connect to.
I use the same account both for installation and for login when restarting

What am I doing wrong? Other VM's don't report problems on the machine, its only splunk, and only after restarting of the vm. The VM itself has internet and works fine, its only splunk that has issues.

Peterman · ‎10-01-2022

@Christians86 wrote:

Hi, I have had this problem twice now on two different computers.

I install debian/ubuntu
Then I use the .deb file from splunk.com - the newest you get when you start your trial
I then make a VM based on a distro of ubuntu/debian and install
Everything workes fine, I use my own user, not the root user to install
I follow the steps of https://www.bitsioinc.com/tutorials/install-splunk-linux/
Splunk starts and works fine. No problems..until I restart the VM. Then localhost:8000 and the external ip both stop working and splunk web gui is not possible to connect to.
I use the same account both for installation and for login when restarting

What am I doing wrong? Other VM's don't report problems on the machine, its only splunk, and only after restarting of the vm. The VM itself has internet and works fine, its only splunk that has issues.

i am also facing this problem man

codebuilder · ‎08-03-2021

Did you enable boot start for Splunk? Have you checked the service status after rebooting?

Also check the Splunk internal logs for errors/issues after rebooting.
$SPLUNK_HOME/var/log/splunk/splunkd.log

----
An upvote would be appreciated and Accept Solution if it helps!

Christians86 · ‎08-03-2021

Hi, I used

sudo /opt/splunk/bin/splunk enable boot-start

and I also got that splunkd was running when I checked. However I could still not get access to web gui

codebuilder · ‎08-03-2021

Do you have a firewall rule blocking port 8000?

----
An upvote would be appreciated and Accept Solution if it helps!

Christians86 · ‎08-03-2021

Hi,

No, if I had it wouldn't have worked until the VM was restarted. It only happens once the VM restarts, if I don't restart I can forward data etc without problems and access as normal.

codebuilder · ‎08-03-2021

Again, have you checked splunkd.log after reboot?

What output do you get from systemctl status splunkd (or whatever you named the service) ?

----
An upvote would be appreciated and Accept Solution if it helps!

Christians86 · ‎08-03-2021

Sorry, I had to redo the VM since I had removed it. I did all the same steps, same version of ubuntu but set the keyboard layout to English, and not Norwegian as yesterday. I have since restarted the VM 3 times both via ubuntu, hypervisor with and without ingest of data - it has yet to crash. So I let it run as if for some days and see...

Thanks for the help so far 🙂

Why can't I connect to splunk when using VM - splunk enterprise trial version

deployer

deployment server

Introducing the 2024 SplunkTrust!

Introducing the 2024 Splunk MVPs!

Splunk Custom Visualizations App End of Life