How to configure Splunk on my Windows 2008 server?

rsingh
Explorer

I installed Splunk on my Windows 2008 server. I added the DNS name and IP to my DNS server, but when I enter the DNS name, it takes me to the IIS7 site. What am I doing wrong?

adauria_splunk
Splunk Employee

Did you configure your Splunk server to use a different port than standard (i.e. 80 instead of 8000)?

If so, you might have 2 different web servers on port 80 - the default IIS page and Splunk. You could disable IIS to resolve that, assuming this is the case. Also, it seems that:

https://<yourDNShostname>/en-US/app/launcher/home

should work from anywhere in the environment if your DNS is set correctly. Assuming you set Splunk to run its web interface on port 80, here's how I'd troubleshoot:

Is the Splunk server running?
- Check it under Services.msc
- Hit it on the Splunk server with the localhost URL you are using on the Splunk server
- You can also confirm what port it's listening on at the CMD with netstat -abn | findstr splunk (if you see results, then run without the findstr and look for Splunk to ID its associated port)

Is the Splunk server sharing its port with another web server?
- http://localhost should tell you if something else is running on port 80
- Disable IIS or change ports for Splunk or IIS

Can you hit the Splunk web interface from another system?
- use http:///en-US/app/launcher/home
- Is your Windows firewall or a network firewall blocking traffic to this site

Assuming the above works, can you resolve the DNS name you've set up?
- From the Splunk server, ping and see if it resolves
- From another machine, ping and see if it resolves
- If not, DNS isn't set up right

If Splunk is running and you can hit it locally with localhost or by IP, then it's probably a port conflict with IIS, host/network firewall issue, or name resolution issue.

-Andrew
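
Added example (not part of the answer above and not Splunk code): `netstat -abn` prints the owning executable on its own line after each socket, which is why the `findstr splunk` filter shows a match without a port. This Python script pairs the two lines to report who holds a given port; the sample output and the function names are constructed for illustration.

```python
import re

# Constructed sample of `netstat -abn` output (not from the thread).
SAMPLE = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
 Can not obtain ownership information
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  RpcSs
 [svchost.exe]
  TCP    0.0.0.0:8000           0.0.0.0:0              LISTENING
 [splunkweb.exe]
  TCP    0.0.0.0:8089           0.0.0.0:0              LISTENING
 [splunkd.exe]
  TCP    10.0.0.5:8089          10.0.0.9:51515         ESTABLISHED
 [splunkd.exe]
"""

LISTEN = re.compile(r"^\s*TCP\s+\S+:(\d+)\s+\S+\s+LISTENING\s*$")
SOCKET = re.compile(r"^\s*(TCP|UDP)\s")
OWNER = re.compile(r"^\s*\[(.+)\]\s*$")

def listeners(netstat_text):
    """Map each LISTENING TCP port to its owning executable (or None)."""
    owners, port = {}, None
    for line in netstat_text.splitlines():
        m = LISTEN.match(line)
        if m:
            port = int(m.group(1))
            owners.setdefault(port, None)
        elif SOCKET.match(line):
            port = None              # established/UDP socket: ignore its owner
        else:
            o = OWNER.match(line)
            if o and port is not None:
                owners[port] = o.group(1).lower()
                port = None
    return owners

def diagnose(netstat_text, port):
    """Return (who holds `port`, ports where a Splunk process listens)."""
    owners = listeners(netstat_text)
    splunk_ports = sorted(p for p, o in owners.items() if o and "splunk" in o)
    if port not in owners:
        return "nothing listening", splunk_ports
    owner = owners[port]
    if owner and "splunk" in owner:
        return "splunk", splunk_ports
    return "other: " + (owner or "unknown owner"), splunk_ports

if __name__ == "__main__":
    for p in (80, 8000):
        print(p, diagnose(SAMPLE, p))
```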

adauria_splunk
Splunk Employee

You need to go to port 8000, i.e.

http://myserver:8000

rsingh
Explorer

When I go to port 8000:
http://mysplunk.domain.com:8000/

Not Found

HTTP Error 404. The requested resource is not found.

nravichandran
Communicator

First, make sure that Splunk is running. http://localhost:8000

rsingh
Explorer

This is the URL I'm using to access Splunk:

https://localhost/en-US/app/launcher/home

http://localhost:8000/ does not resolve