Installation

Splunk Enterprise 8.0.4.1 can't enter Splunk Web after changing IP address

Alepy
Explorer

I had Splunk Enterprise 8.0.1 this morning and I installed the most recent version (8.0.4.1). After I did this upgrade I restarted Splunk and then I verified in Splunk Web and I had the version 8.0.4.1

But now when I modified the splunk-launch.conf and the web.conf for other ip, by following this site: https://docs.splunk.com/Documentation/Splunk/8.0.3/Admin/BindSplunktoanIP

I restarted Splunk and all seem alright, but then I tried to search the same ip and it gave me 500 error like it shows in the printscreen.

If someone can help me, please reply.

Inked7 - Cópia_LI.jpg

Labels (4)
0 Karma
1 Solution

Alepy
Explorer

I found the solution... web.conf file when I restarted Splunk he was getting the IP address from the default web.conf

So I changed both files, so I changed mgmtHostPort in both and on default web.conf I changed the trusted IP too.

Hope I help someone with this answer.

View solution in original post

0 Karma

maraman_splunk
Splunk Employee
Splunk Employee

Hi

 

You could look/search in web_service.log (from splunk or directly) for the time where the error occured.

You should see there the complete error message.

 

0 Karma

Alepy
Explorer

I found the solution... web.conf file when I restarted Splunk he was getting the IP address from the default web.conf

So I changed both files, so I changed mgmtHostPort in both and on default web.conf I changed the trusted IP too.

Hope I help someone with this answer.

0 Karma

uagraw01
Motivator

I am getting the same error. from which port number you have replaced in attribute mgmtHostPort under sytem.default/web.conf or system/local/web.conf ?

0 Karma

maraman_splunk
Splunk Employee
Splunk Employee

Hi,

you should not edit files in system/default as they belong to splunk and will be overwritten when you upgrade

So either edit in system/local context or in a application.

You just have to place you in the context with a stanza [xxxx] and then add the line you want to change

Tags (1)
0 Karma

Alepy
Explorer

Nevermind, somehow I managed to do it lol.

Ty by the way.

0 Karma

codebuilder
Influencer

My guess is that you have more than one Splunk process running, and the "new" one can't bind to the port because it's already in use.

First I would check the log entries at /opt/splunk/var/log/splunk/splunkd.log for clues about what is happening.

You can also try bringing down the upgraded Splunk instance gracefully and wait for it to completely shut down. Once down, check for any running/dangling splunk processes (ps -ef | grep -i splunk) e.g.

If you find any, kill them and then restart Splunk.

----
An upvote would be appreciated and Accept Solution if it helps!
0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...