Installation

Splunk Enterprise 8.0.4.1 can't enter Splunk Web after changing IP address

Alepy
Explorer

I had Splunk Enterprise 8.0.1 this morning and I installed the most recent version (8.0.4.1). After I did this upgrade I restarted Splunk and then I verified in Splunk Web and I had the version 8.0.4.1

But now when I modified the splunk-launch.conf and the web.conf for other ip, by following this site: https://docs.splunk.com/Documentation/Splunk/8.0.3/Admin/BindSplunktoanIP

I restarted Splunk and all seem alright, but then I tried to search the same ip and it gave me 500 error like it shows in the printscreen.

If someone can help me, please reply.

Inked7 - Cópia_LI.jpg

Labels (4)
0 Karma
1 Solution

Alepy
Explorer

I found the solution... web.conf file when I restarted Splunk he was getting the IP address from the default web.conf

So I changed both files, so I changed mgmtHostPort in both and on default web.conf I changed the trusted IP too.

Hope I help someone with this answer.

View solution in original post

0 Karma

maraman_splunk
Splunk Employee
Splunk Employee

Hi

 

You could look/search in web_service.log (from splunk or directly) for the time where the error occured.

You should see there the complete error message.

 

0 Karma

Alepy
Explorer

I found the solution... web.conf file when I restarted Splunk he was getting the IP address from the default web.conf

So I changed both files, so I changed mgmtHostPort in both and on default web.conf I changed the trusted IP too.

Hope I help someone with this answer.

View solution in original post

0 Karma

uagraw01
Communicator

I am getting the same error. from which port number you have replaced in attribute mgmtHostPort under sytem.default/web.conf or system/local/web.conf ?

0 Karma

maraman_splunk
Splunk Employee
Splunk Employee

Hi,

you should not edit files in system/default as they belong to splunk and will be overwritten when you upgrade

So either edit in system/local context or in a application.

You just have to place you in the context with a stanza [xxxx] and then add the line you want to change

Tags (1)
0 Karma

Alepy
Explorer

Nevermind, somehow I managed to do it lol.

Ty by the way.

0 Karma

codebuilder
SplunkTrust
SplunkTrust

My guess is that you have more than one Splunk process running, and the "new" one can't bind to the port because it's already in use.

First I would check the log entries at /opt/splunk/var/log/splunk/splunkd.log for clues about what is happening.

You can also try bringing down the upgraded Splunk instance gracefully and wait for it to completely shut down. Once down, check for any running/dangling splunk processes (ps -ef | grep -i splunk) e.g.

If you find any, kill them and then restart Splunk.

----
An upvote would be appreciated and Accept Solution if it helps!
0 Karma
Did you miss .conf21 Virtual?

Good news! The event's keynotes and many of its breakout sessions are now available online, and still totally FREE!