I have installed Splunk on Solaris 10 Sparc machine. On that machine Orca is also running. After installation it gives me the address for my browser but when I paste that in my browser then it is not opening the interface. Is there perhaps a conflict with Apache running on that machine? I've even tried changing the ports but to no avail.
Thanks in advance
I also facing same issue when i am trying to login Splunk GUI via my user name and password its throwing error "Login Fail" and for other users which are another domain they are able to login successfully only user belong to my AD domain having some issue, I have tried restarting Linux Splunk services check AD bind configuration file but not able to fix the issue. Any idea what goes wrong?
Hope it can help you,
check the port and hostname are right, sometime hostname may not be resolved so use the IP address
./splunk show web-port
check startwebserver =1
./splunk cmd btool web list --debug |grep startwebserver
Run these commands to open the iptables/ports in Unix machines
sudo firewall-cmd --zone=public --add-port=8000/tcp --permanent
sudo firewall-cmd --reload
Hope by now u will be able to access the Webserver.
Happy splunking 🙂
This is bizarre, I didn't have to do this in any other instant of Splunk, they all worked,
So wasn't sure this was the right answer. then carried on troubleshooting.
2 days later...thought lets open this port ..and Volla !
by default CentOS 6.4 has IPTables enabled. This blocks port 8000 access. To turn it off do the following:
to prevent it from coming back on next boot
chkconfig iptables off
Hope your Splunk is accessible now after changing your firewall's ACL. If not then check if the hostname in the URL that Splunk gave is resolvable. If not then you'll have to use the server's fully qualified domain name.
Maybe this will help you:
What is the output of the following command:
It should be something like this:
splunkd is running (PID: 9630). splunk helpers are running (PIDs: 9631). splunkweb is running (PID: 9776).
Check the httpport setting in the web.conf file here $SPLUNK_HOME/etc/system/local/
Make sure that something is listening on that port with
Check the log file in $SPLUNK_HOME/var/log/splunk/splunkd.log to see if there are any errors
root@host:/splunk/splunk/bin# ./splunk status
splunkd is running (PID: 27525).
splunk helpers are running (PIDs: 27526).
splunkweb is running (PID: 27537).
httpport = 8001
The netstat command shows that it is listening on the port 8001. I even changed the port and it had no effect.
I checked the logs and it is mostly just info events. I don't think I'm being blocked on a firewall either because I am able to telnet to the server using the port specified.