I had Splunk Enterprise 8.0.1 this morning and I installed the most recent version (8.0.4.1). After I did this upgrade I restarted Splunk and then I verified in Splunk Web and I had the version 8.0.4.1
But now when I modified the splunk-launch.conf and the web.conf for other ip, by following this site: https://docs.splunk.com/Documentation/Splunk/8.0.3/Admin/BindSplunktoanIP
I restarted Splunk and all seem alright, but then I tried to search the same ip and it gave me 500 error like it shows in the printscreen.
If someone can help me, please reply.
I found the solution... web.conf file when I restarted Splunk he was getting the IP address from the default web.conf
So I changed both files, so I changed mgmtHostPort in both and on default web.conf I changed the trusted IP too.
Hope I help someone with this answer.
Hi
You could look/search in web_service.log (from splunk or directly) for the time where the error occured.
You should see there the complete error message.
I found the solution... web.conf file when I restarted Splunk he was getting the IP address from the default web.conf
So I changed both files, so I changed mgmtHostPort in both and on default web.conf I changed the trusted IP too.
Hope I help someone with this answer.
I am getting the same error. from which port number you have replaced in attribute mgmtHostPort under sytem.default/web.conf or system/local/web.conf ?
Hi,
you should not edit files in system/default as they belong to splunk and will be overwritten when you upgrade
So either edit in system/local context or in a application.
You just have to place you in the context with a stanza [xxxx] and then add the line you want to change
Nevermind, somehow I managed to do it lol.
Ty by the way.
My guess is that you have more than one Splunk process running, and the "new" one can't bind to the port because it's already in use.
First I would check the log entries at /opt/splunk/var/log/splunk/splunkd.log for clues about what is happening.
You can also try bringing down the upgraded Splunk instance gracefully and wait for it to completely shut down. Once down, check for any running/dangling splunk processes (ps -ef | grep -i splunk) e.g.
If you find any, kill them and then restart Splunk.