Installation

Splunk Tunnel URL/hostname Change

rtvnguyen
New Member

So i've been using splunk for a while now and it's fine. To access the console, I use an SSH Tunnel porting localhost 9002 to splunk server web console on port 8000. It's been working fine until recently. I think someone had modified the web.conf or installed some splunk app.

I used to be able to go to https://localhost:9002 to access the splunk UI. But now when I go there, the URL changes to http://127.0.0.1:8000/en-US/ (what it's running on, on the server), how to I stop it from changing the url like this?

Labels (1)
0 Karma

scelikok
SplunkTrust
SplunkTrust

@rtvnguyen,

Splunk web interface uses two HTTP 303 redirects if you point to http://127.0.0.1:8000.

http://127.0.0.1:8000/en-US 

http://127.0.0.1:8000/en-US/account/login?return_to=%2Fen-US%2F

These redirects goes HTTPS or HTTP according to Splunk web.conf, ssl enabled or not.

Your Splunk seems not working SSL enabled. That is why redirecting you http://127.0.0.1:8000/en-US/.

You have three options;

1- Point your SSH Tunnel as http://localhost:9002

2- Edit Splunk web.conf to enable SSL and restart.

3- Use direct link https://localhost:9002/en-US/account/login?return_to=%2Fen-US%2F 

Best Regards, 

If this reply helps you an upvote and "Accept as Solution" is appreciated.
0 Karma
Get Updates on the Splunk Community!

Fun with Regular Expression - multiples of nine

Fun with Regular Expression - multiples of nineThis challenge was first posted on Slack #regex channel ...

[Live Demo] Watch SOC transformation in action with the reimagined Splunk Enterprise ...

Overwhelmed SOC? Splunk ES Has Your Back Tool sprawl, alert fatigue, and endless context switching are making ...

What’s New & Next in Splunk SOAR

Security teams today are dealing with more alerts, more tools, and more pressure than ever.  Join us on ...