Deployment Architecture

Why is there a long delay logging into Splunk on the latest Linux version?

Engager

I'm running the latest 7.2.5 Linux version, but even in the last few previous versions, when connecting to Splunk and being presented with the log in screen, after entering a valid username and password and clicking login, it takes pretty much spot on 60 seconds for the login screen to disappear and be presented with the home page.

Even if immediately after successfully logging in through Chrome I start another web browser (IE) and attempt to log in, again it takes consistently 60 seconds for the login to complete. Since this happens with IE and Chrome, perhaps it's not a browser related issue. Also this happens consistently even after a fresh reboot. Other than that the search performance once logged in is pretty quick and the Web UI is quite responsive.

This login issue is fairly annoying and I would like some ideas to troubleshoot the cause of this.

Thanks
Alex

0 Karma
1 Solution

Ultra Champion

Is this Splunk local authentication, or LDAP/SAML?

View solution in original post

0 Karma

Ultra Champion

Is this Splunk local authentication, or LDAP/SAML?

View solution in original post

0 Karma

Engager

Aha! You're spot on. The local admin account logs in fast but the slow logins are with LDAP authenticated accounts.

Turns out a while back some AD servers were decommissioned and Splunk was still trying to auth against them and timing out as it was going through its list of configured LDAP servers.

Thanks!
Alex

0 Karma

Ultra Champion

I was going to say - 60 seconds sounds like a timeout issue, so that was my hunch!

0 Karma