Getting Data In

After Installation of Splunk Enterprise, it's giving me this error "This Site can't be reached"?

Subarna
Explorer

Hi Team

I have installed trial version of Splunk enterprise. It worked fine for 2 days . After that I am not able to access the Splunk url. It is giving the below error. Please help on the same

This site can’t be reached

127.0.0.1 refused to connect.

Subarna_0-1669955605869.png

Labels (1)
Tags (1)
0 Karma
1 Solution

Subarna
Explorer

hi @SanjayReddy 

 

Ignore the last question. I was giving wrong time frame in the search

View solution in original post

0 Karma

gcusello
SplunkTrust
SplunkTrust

Hi @Subarna,

if you, after two days, restarted Splunk and forgotted to add Splunk start to the boot procedure (in Linux), surely the problem was the one described by @SanjayReddy and anyway, you have to do the check hinted by him.

Otherwise, you have to check if, after two days, you did some change (e.g. on local firewall).

At first which Operative system are you using?

Ciao.

Giuseppe

0 Karma

SanjayReddy
SplunkTrust
SplunkTrust

Hi @Subarna

have you checked if Splunk is running one the server

Hope its windows

run following command from CMD

cd <Splunk Enterprise installation directory>\bin

run follwing

splunk status

-----if splunk not running

start using

splunk start


also check in splunkd.log from location

cd <Splunk Enterprise installation directory>\var\log\splunk

and check for any errors that cuased splunkd to stop working

0 Karma

Subarna
Explorer

hi Sanjay I will check the below when the error again happens

But one issue I can see the health is red . Any way to resolve this. Also is there any way I can view and delete the log files uploaded so that I can test and upload more files

Subarna_0-1670246379279.png

@SanjayReddy

Tags (1)
0 Karma

SanjayReddy
SplunkTrust
SplunkTrust

Hi @Subarna 

good that splunk is up and running, how did Splunk started again?.

regarding health check, if you click on health icon, you see futhrue deatails , as which component has problem , accordingly , issue can be check furthur,

about deleting data , yes you can use | delete  command delete source, shourcetype

ex: source=source1 | delete 

please use carefully in PROD system

SanjayReddy_0-1670340178184.png

by deafult all users including admin wont have capabiliy to delete data.

please follow below steps to add capability, 

settings-->users---> select the users to wante to give access 

 

SanjayReddy_2-1670340493504.png

 

select can_delete and save

SanjayReddy_3-1670340531152.png

 

 

0 Karma

Subarna
Explorer

Hi @SanjayReddy 

 

Thanks for all your help. I have uploaded the files in Splunk and able to search but when I query with the same data in Splunk after few days I am not able to see the results. Anything which I am missing . Please help

0 Karma

Subarna
Explorer

hi @SanjayReddy 

 

Ignore the last question. I was giving wrong time frame in the search

0 Karma

gcusello
SplunkTrust
SplunkTrust

Hi @Subarna,

if one answer solves your need, please accept one answer for the other people of Community or tell us how we can help you.

Ciao and happy splunking

Giuseppe

P.S.: Karma Points are appreciated by all the Contributors;-)

0 Karma

Subarna
Explorer

ok @gcusello Thanks

0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...