Getting Data In

After Installation of Splunk Enterprise, it's giving me this error "This Site can't be reached"?

Subarna
Explorer

Hi Team

I have installed trial version of Splunk enterprise. It worked fine for 2 days . After that I am not able to access the Splunk url. It is giving the below error. Please help on the same

This site can’t be reached

127.0.0.1 refused to connect.

Subarna_0-1669955605869.png

Labels (1)
Tags (1)
0 Karma
1 Solution

Subarna
Explorer

hi @SanjayReddy 

 

Ignore the last question. I was giving wrong time frame in the search

View solution in original post

0 Karma

gcusello
SplunkTrust
SplunkTrust

Hi @Subarna,

if you, after two days, restarted Splunk and forgotted to add Splunk start to the boot procedure (in Linux), surely the problem was the one described by @SanjayReddy and anyway, you have to do the check hinted by him.

Otherwise, you have to check if, after two days, you did some change (e.g. on local firewall).

At first which Operative system are you using?

Ciao.

Giuseppe

0 Karma

SanjayReddy
SplunkTrust
SplunkTrust

Hi @Subarna

have you checked if Splunk is running one the server

Hope its windows

run following command from CMD

cd <Splunk Enterprise installation directory>\bin

run follwing

splunk status

-----if splunk not running

start using

splunk start


also check in splunkd.log from location

cd <Splunk Enterprise installation directory>\var\log\splunk

and check for any errors that cuased splunkd to stop working

0 Karma

Subarna
Explorer

hi Sanjay I will check the below when the error again happens

But one issue I can see the health is red . Any way to resolve this. Also is there any way I can view and delete the log files uploaded so that I can test and upload more files

Subarna_0-1670246379279.png

@SanjayReddy

Tags (1)
0 Karma

SanjayReddy
SplunkTrust
SplunkTrust

Hi @Subarna 

good that splunk is up and running, how did Splunk started again?.

regarding health check, if you click on health icon, you see futhrue deatails , as which component has problem , accordingly , issue can be check furthur,

about deleting data , yes you can use | delete  command delete source, shourcetype

ex: source=source1 | delete 

please use carefully in PROD system

SanjayReddy_0-1670340178184.png

by deafult all users including admin wont have capabiliy to delete data.

please follow below steps to add capability, 

settings-->users---> select the users to wante to give access 

 

SanjayReddy_2-1670340493504.png

 

select can_delete and save

SanjayReddy_3-1670340531152.png

 

 

0 Karma

Subarna
Explorer

Hi @SanjayReddy 

 

Thanks for all your help. I have uploaded the files in Splunk and able to search but when I query with the same data in Splunk after few days I am not able to see the results. Anything which I am missing . Please help

0 Karma

Subarna
Explorer

hi @SanjayReddy 

 

Ignore the last question. I was giving wrong time frame in the search

0 Karma

gcusello
SplunkTrust
SplunkTrust

Hi @Subarna,

if one answer solves your need, please accept one answer for the other people of Community or tell us how we can help you.

Ciao and happy splunking

Giuseppe

P.S.: Karma Points are appreciated by all the Contributors;-)

0 Karma

Subarna
Explorer

ok @gcusello Thanks

0 Karma
Get Updates on the Splunk Community!

What's New in Splunk Enterprise 9.4: Features to Power Your Digital Resilience

Hey Splunky People! We are excited to share the latest updates in Splunk Enterprise 9.4. In this release we ...

Take Your Breath Away with Splunk Risk-Based Alerting (RBA)

WATCH NOW!The Splunk Guide to Risk-Based Alerting is here to empower your SOC like never before. Join Haylee ...

SignalFlow: What? Why? How?

What is SignalFlow? Splunk Observability Cloud’s analytics engine, SignalFlow, opens up a world of in-depth ...