Installation

Splunk Enterprise 8.0.4.1 can't enter Splunk Web after changing IP address

Alepy
Explorer

I had Splunk Enterprise 8.0.1 this morning and I installed the most recent version (8.0.4.1). After I did this upgrade I restarted Splunk and then I verified in Splunk Web and I had the version 8.0.4.1

But now when I modified the splunk-launch.conf and the web.conf for other ip, by following this site: https://docs.splunk.com/Documentation/Splunk/8.0.3/Admin/BindSplunktoanIP

I restarted Splunk and all seem alright, but then I tried to search the same ip and it gave me 500 error like it shows in the printscreen.

If someone can help me, please reply.

Inked7 - Cópia_LI.jpg

Labels (4)
0 Karma
1 Solution

Alepy
Explorer

I found the solution... web.conf file when I restarted Splunk he was getting the IP address from the default web.conf

So I changed both files, so I changed mgmtHostPort in both and on default web.conf I changed the trusted IP too.

Hope I help someone with this answer.

View solution in original post

0 Karma

maraman_splunk
Splunk Employee
Splunk Employee

Hi

 

You could look/search in web_service.log (from splunk or directly) for the time where the error occured.

You should see there the complete error message.

 

0 Karma

Alepy
Explorer

I found the solution... web.conf file when I restarted Splunk he was getting the IP address from the default web.conf

So I changed both files, so I changed mgmtHostPort in both and on default web.conf I changed the trusted IP too.

Hope I help someone with this answer.

0 Karma

uagraw01
Builder

I am getting the same error. from which port number you have replaced in attribute mgmtHostPort under sytem.default/web.conf or system/local/web.conf ?

0 Karma

maraman_splunk
Splunk Employee
Splunk Employee

Hi,

you should not edit files in system/default as they belong to splunk and will be overwritten when you upgrade

So either edit in system/local context or in a application.

You just have to place you in the context with a stanza [xxxx] and then add the line you want to change

Tags (1)
0 Karma

Alepy
Explorer

Nevermind, somehow I managed to do it lol.

Ty by the way.

0 Karma

codebuilder
Influencer

My guess is that you have more than one Splunk process running, and the "new" one can't bind to the port because it's already in use.

First I would check the log entries at /opt/splunk/var/log/splunk/splunkd.log for clues about what is happening.

You can also try bringing down the upgraded Splunk instance gracefully and wait for it to completely shut down. Once down, check for any running/dangling splunk processes (ps -ef | grep -i splunk) e.g.

If you find any, kill them and then restart Splunk.

----
An upvote would be appreciated and Accept Solution if it helps!
0 Karma
Get Updates on the Splunk Community!

Monitoring MariaDB and MySQL

In a previous post, we explored monitoring PostgreSQL and general best practices around which metrics to ...

Financial Services Industry Use Cases, ITSI Best Practices, and More New Articles ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Splunk Federated Analytics for Amazon Security Lake

Thursday, November 21, 2024  |  11AM PT / 2PM ET Register Now Join our session to see the technical ...