Getting Data In

Trying to access the rest api using the Splunk Docker image

kwitczak
New Member

I followed the steps on this site https://hub.docker.com/r/splunk/splunk/ and successfully started my docker container with Splunk running. I can get to Splunk via http://localhost:8000/ and login but I am unable to access the rest api using http://localhost:8089/. I just get this in the browser:

This site can’t be reached
localhost refused to connect.

Any ideas?

0 Karma

kamlesh_vaghela
SplunkTrust
SplunkTrust

Hi @kwitczak,

In your docker command, you have just mapped 8000 port.

docker run -d -e "SPLUNK_START_ARGS=--accept-license" -e "SPLUNK_USER=root" -p "8000:8000" splunk/splunk

For accessing management port you have to map 8089 port also.

docker run -d -e "SPLUNK_START_ARGS=--accept-license" -e "SPLUNK_USER=root" -p "8000:8000" -p "8089:8089"  splunk/splunk

As per my suggestion, map below splunk port also.

8191
8065
9997
515

Thanks

philipmattocks
Path Finder

In your setup, Docker is mapping port 8000 on your Docker instance onto port 8000 on your machine, which is what enables you to access the Splunk UI of the Docker instance. The -p "8000:8000" part of your initial Docker run command is what did this. You need to add another port mapping flag for 8089 to allow access to the REST API, eg -p "8089:8089" to allow access to the REST API via your local machine. So the whole Docker run command would be something like:

docker run -d -e "SPLUNK_START_ARGS=--accept-license" -e "SPLUNK_USER=root" -p "8000:8000" -p "8089:8089" splunk/splunk

Now you should be able to access the REST API via https://localhost:8089 (nb, you need to use https, not http for REST API, unlike you did in your original post)

0 Karma
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Best Practices: Splunk auto adjust pipeline queue

When you enable autoAdjustQueue in Splunk, maxSize should be understood as the queue size Splunk starts with ...

Request for Professional Development: Attending .conf26

Winning Over the Boss: Your Pass to .conf26 conf26 is going to be here before you know it. If don't already ...

Casting Call: Compete in Cyber Games

Lights, Camera, SecOps: Apply to Compete in Cyber Games     Think you have what it takes to beat the clock? ...