Trying to access the rest api using the Splunk Doc...

kwitczak · ‎05-19-2017

I followed the steps on this site https://hub.docker.com/r/splunk/splunk/ and successfully started my docker container with Splunk running. I can get to Splunk via http://localhost:8000/ and login but I am unable to access the rest api using http://localhost:8089/. I just get this in the browser:

This site can’t be reached
localhost refused to connect.

Any ideas?

kamlesh_vaghela · ‎12-06-2017

Hi @kwitczak,

In your docker command, you have just mapped 8000 port.

docker run -d -e "SPLUNK_START_ARGS=--accept-license" -e "SPLUNK_USER=root" -p "8000:8000" splunk/splunk

For accessing management port you have to map 8089 port also.

docker run -d -e "SPLUNK_START_ARGS=--accept-license" -e "SPLUNK_USER=root" -p "8000:8000" -p "8089:8089"  splunk/splunk

As per my suggestion, map below splunk port also.

8191
8065
9997
515

Thanks

philipmattocks · ‎12-06-2017

In your setup, Docker is mapping port 8000 on your Docker instance onto port 8000 on your machine, which is what enables you to access the Splunk UI of the Docker instance. The -p "8000:8000" part of your initial Docker run command is what did this. You need to add another port mapping flag for 8089 to allow access to the REST API, eg -p "8089:8089" to allow access to the REST API via your local machine. So the whole Docker run command would be something like:

docker run -d -e "SPLUNK_START_ARGS=--accept-license" -e "SPLUNK_USER=root" -p "8000:8000" -p "8089:8089" splunk/splunk

Now you should be able to access the REST API via https://localhost:8089 (nb, you need to use https, not http for REST API, unlike you did in your original post)

Trying to access the rest api using the Splunk Docker image

Archived Metrics Now Available for APAC and EMEA realms

Detecting Remote Code Executions With the Splunk Threat Research Team

Enter the Dashboard Challenge and Watch the .conf24 Global Broadcast!