Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Fresh Install of Splunk Enterprise 6.2.3 on Windows 7, why am I unable to connect to Splunk Web?

pesteaux
Explorer
‎01-12-2016 06:43 AM

I tried all evening to get Splunk Enterprise up and running on a Windows 7 box. I am installing on a non-system drive with Local User selected in the wizard. The splunkd service seems to start, but it hangs with the message Waiting for web server at https://127.0.0.1:8000 to be available. I have tried other ports, and I have tried disabling both UAC and the Windows firewall with no luck. The firewall has everything open from both the splunkd service and splunkweb service. It looks like this was automatically done at install time.

A netstat -an does not show anything listening on the configured web port.

Has anyone else had this problem?

Update: I've uninstalled and tried with the default configuration. The exact same condition occurs.
Update: When I run splunk stop from another command prompt, I see the error: WARNING: web interface does not seem to be available! .

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

pesteaux
Explorer
‎01-13-2016 06:40 AM

This is "resolved". After seeing the splunk answers thread on an evident python bug noted in the comments, I uninstalled Splunk Enterprise from my windows box. Instead, I installed it on my son's CentOS box, set up a universal forward on my windows box, and had everything configured in about 20 minutes. I then spent the evening doing a jigsaw puzzle in the dining room instead of trying to get Splunk Enterprise to work on my Windows box.

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

pesteaux
Explorer
‎01-13-2016 06:40 AM

This is "resolved". After seeing the splunk answers thread on an evident python bug noted in the comments, I uninstalled Splunk Enterprise from my windows box. Instead, I installed it on my son's CentOS box, set up a universal forward on my windows box, and had everything configured in about 20 minutes. I then spent the evening doing a jigsaw puzzle in the dining room instead of trying to get Splunk Enterprise to work on my Windows box.

0 Karma
Reply
Solved! Jump to solution

jkat54
SplunkTrust
SplunkTrust
‎01-12-2016 06:19 PM

I noticed it says "https" which means you've enabled ssl in web.conf.

I'm going to bet you cant find your ssl certs due to permissions issues, or because they're not present.

0 Karma
Reply
Solved! Jump to solution

pesteaux
Explorer
‎01-12-2016 06:22 PM

Good eye jkat54. Since I've reinstalled with default config and get the same condition, the error now says:
`Waiting for web server at http://127.0.0.1:31337 to be available.......

WARNING: web interface does not seem to be available!`

(well, not quite default now, I did try a higher port).

0 Karma
Reply
Solved! Jump to solution

esix_splunk
Splunk Employee
Splunk Employee
‎01-12-2016 06:55 PM

Check your splunkd.log again and see what it says. Typically this is indicative of a permissions issue, most likely related to the user account running the app. Perhaps try running the service as administrator first and validate you can get it to start with full perms, then back it off to a restricted user.

0 Karma
Reply
Solved! Jump to solution

pesteaux
Explorer
‎01-12-2016 06:59 PM

The only way I know how to run it as admin is to run command prompt as admin and run splunk start from there, which I have tried with the same error. I'll double check the splunkd.log. Thank you!

0 Karma
Reply
Solved! Jump to solution

esix_splunk
Splunk Employee
Splunk Employee
‎01-12-2016 07:04 PM

You can go into the services control panel and change the runas user, I think Start -> Run -> services.msc works in Win7..

0 Karma
Reply
Solved! Jump to solution

MuS
Legend
‎01-12-2016 06:17 PM

As first troubleshooting step start looking in splunk.log in $SPLUNK_HOME/var/log/splunk

0 Karma
Reply
Solved! Jump to solution

pesteaux
Explorer
‎01-12-2016 06:49 PM

For the record, it is splunk 6.3.2...typo.

0 Karma
Reply
Solved! Jump to solution

pesteaux
Explorer
‎01-12-2016 06:41 PM

Looks like https://answers.splunk.com/answers/177187/why-is-the-splunk-web-service-not-running-after-an.html but there's no help there. Bummer.

0 Karma
Reply
Solved! Jump to solution

pesteaux
Explorer
‎01-12-2016 06:34 PM

I don't see splunk.log, just splunkd.log. The only thing above INFO was the following:

01-12-2016 20:31:11.656 -0600 WARN DC:DeploymentClient - DeploymentClient explicitly disabled through config.
01-12-2016 20:31:11.678 -0600 WARN IndexerService - Indexer was started dirty: splunkd startup may take longer than usual; searches may not be accurate until background fsck completes.

0 Karma
Reply
Solved! Jump to solution

pesteaux
Explorer
‎01-12-2016 06:38 PM

I also checked web_service.log and found this error:
2016-01-12 20:31:12,638 ERROR [-] root:810 - Unable to start splunkweb
2016-01-12 20:31:12,638 ERROR [-] root:811 - must be string without null bytes or None, not str
Traceback
(etc).

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Classroom Chronicles: Training Tales and Testimonials

Welcome to the "Splunk Classroom Chronicles" series, created to help curious, career-minded learners get ...

Access Tokens Page - New & Improved

Splunk Observability Cloud recently launched an improved design for the access tokens page for better ...

Stay Connected: Your Guide to November Tech Talks, Office Hours, and Webinars!

🍂 Fall into November with a fresh lineup of Community Office Hours, Tech Talks, and Webinars we’ve ...