Getting Data In

Fresh Install of Splunk Enterprise 6.2.3 on Windows 7, why am I unable to connect to Splunk Web?

pesteaux
Explorer

I tried all evening to get Splunk Enterprise up and running on a Windows 7 box. I am installing on a non-system drive with Local User selected in the wizard. The splunkd service seems to start, but it hangs with the message Waiting for web server at https://127.0.0.1:8000 to be available. I have tried other ports, and I have tried disabling both UAC and the Windows firewall with no luck. The firewall has everything open from both the splunkd service and splunkweb service. It looks like this was automatically done at install time.

A netstat -an does not show anything listening on the configured web port.

Has anyone else had this problem?

Update: I've uninstalled and tried with the default configuration. The exact same condition occurs.
Update: When I run splunk stop from another command prompt, I see the error: WARNING: web interface does not seem to be available! .

0 Karma
1 Solution

pesteaux
Explorer

This is "resolved". After seeing the splunk answers thread on an evident python bug noted in the comments, I uninstalled Splunk Enterprise from my windows box. Instead, I installed it on my son's CentOS box, set up a universal forward on my windows box, and had everything configured in about 20 minutes. I then spent the evening doing a jigsaw puzzle in the dining room instead of trying to get Splunk Enterprise to work on my Windows box.

View solution in original post

0 Karma

pesteaux
Explorer

This is "resolved". After seeing the splunk answers thread on an evident python bug noted in the comments, I uninstalled Splunk Enterprise from my windows box. Instead, I installed it on my son's CentOS box, set up a universal forward on my windows box, and had everything configured in about 20 minutes. I then spent the evening doing a jigsaw puzzle in the dining room instead of trying to get Splunk Enterprise to work on my Windows box.

0 Karma

jkat54
SplunkTrust
SplunkTrust

I noticed it says "https" which means you've enabled ssl in web.conf.

I'm going to bet you cant find your ssl certs due to permissions issues, or because they're not present.

0 Karma

pesteaux
Explorer

Good eye jkat54. Since I've reinstalled with default config and get the same condition, the error now says:
`Waiting for web server at http://127.0.0.1:31337 to be available.......

WARNING: web interface does not seem to be available!`

(well, not quite default now, I did try a higher port).

0 Karma

esix_splunk
Splunk Employee
Splunk Employee

Check your splunkd.log again and see what it says. Typically this is indicative of a permissions issue, most likely related to the user account running the app. Perhaps try running the service as administrator first and validate you can get it to start with full perms, then back it off to a restricted user.

0 Karma

pesteaux
Explorer

The only way I know how to run it as admin is to run command prompt as admin and run splunk start from there, which I have tried with the same error. I'll double check the splunkd.log. Thank you!

0 Karma

esix_splunk
Splunk Employee
Splunk Employee

You can go into the services control panel and change the runas user, I think Start -> Run -> services.msc works in Win7..

0 Karma

MuS
Legend

As first troubleshooting step start looking in splunk.log in $SPLUNK_HOME/var/log/splunk

0 Karma

pesteaux
Explorer

For the record, it is splunk 6.3.2...typo.

0 Karma

pesteaux
Explorer
0 Karma

pesteaux
Explorer

I don't see splunk.log, just splunkd.log. The only thing above INFO was the following:

01-12-2016 20:31:11.656 -0600 WARN DC:DeploymentClient - DeploymentClient explicitly disabled through config.
01-12-2016 20:31:11.678 -0600 WARN IndexerService - Indexer was started dirty: splunkd startup may take longer than usual; searches may not be accurate until background fsck completes.

0 Karma

pesteaux
Explorer

I also checked web_service.log and found this error:
2016-01-12 20:31:12,638 ERROR [-] root:810 - Unable to start splunkweb
2016-01-12 20:31:12,638 ERROR [-] root:811 - must be string without null bytes or None, not str
Traceback

(etc).

0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...