Deployment Architecture
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Why is there a long delay logging into Splunk on the latest Linux version?

aleivo
Engager
‎03-19-2019 01:24 AM

I'm running the latest 7.2.5 Linux version, but even in the last few previous versions, when connecting to Splunk and being presented with the log in screen, after entering a valid username and password and clicking login, it takes pretty much spot on 60 seconds for the login screen to disappear and be presented with the home page.

Even if immediately after successfully logging in through Chrome I start another web browser (IE) and attempt to log in, again it takes consistently 60 seconds for the login to complete. Since this happens with IE and Chrome, perhaps it's not a browser related issue. Also this happens consistently even after a fresh reboot. Other than that the search performance once logged in is pretty quick and the Web UI is quite responsive.

This login issue is fairly annoying and I would like some ideas to troubleshoot the cause of this.

Thanks
Alex

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

nickhills
Ultra Champion
‎03-19-2019 05:35 AM

Is this Splunk local authentication, or LDAP/SAML?

If my comment helps, please give it a thumbs up!

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

nickhills
Ultra Champion
‎03-19-2019 05:35 AM

Is this Splunk local authentication, or LDAP/SAML?

If my comment helps, please give it a thumbs up!
0 Karma
Reply
Solved! Jump to solution

aleivo
Engager
‎03-19-2019 05:52 AM

Aha! You're spot on. The local admin account logs in fast but the slow logins are with LDAP authenticated accounts.

Turns out a while back some AD servers were decommissioned and Splunk was still trying to auth against them and timing out as it was going through its list of configured LDAP servers.

Thanks!
Alex

0 Karma
Reply
Solved! Jump to solution

nickhills
Ultra Champion
‎03-19-2019 05:55 AM

I was going to say - 60 seconds sounds like a timeout issue, so that was my hunch!

If my comment helps, please give it a thumbs up!
0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Observability for AI

Don’t miss out on an exciting Tech Talk on Splunk Observability for AI!Discover how Splunk’s agentic AI ...

Splunk Enterprise Security 8.x: The Essential Upgrade for Threat Detection, ...

Watch On Demand the Tech Talk on November 6 at 11AM PT, and empower your SOC to reach new heights! Duration: ...

Splunk Observability as Code: From Zero to Dashboard

For the details on what Self-Service Observability and Observability as Code is, we have some awesome content ...