Splunk Tunnel URL/hostname Change

rtvnguyen · ‎12-18-2020

So i've been using splunk for a while now and it's fine. To access the console, I use an SSH Tunnel porting localhost 9002 to splunk server web console on port 8000. It's been working fine until recently. I think someone had modified the web.conf or installed some splunk app.

I used to be able to go to https://localhost:9002 to access the splunk UI. But now when I go there, the URL changes to http://127.0.0.1:8000/en-US/ (what it's running on, on the server), how to I stop it from changing the url like this?

scelikok · ‎12-19-2020

@rtvnguyen,

Splunk web interface uses two HTTP 303 redirects if you point to http://127.0.0.1:8000.

http://127.0.0.1:8000/en-US

http://127.0.0.1:8000/en-US/account/login?return_to=%2Fen-US%2F

These redirects goes HTTPS or HTTP according to Splunk web.conf, ssl enabled or not.

Your Splunk seems not working SSL enabled. That is why redirecting you http://127.0.0.1:8000/en-US/.

You have three options;

1- Point your SSH Tunnel as http://localhost:9002

2- Edit Splunk web.conf to enable SSL and restart.

3- Use direct link https://localhost:9002/en-US/account/login?return_to=%2Fen-US%2F

Best Regards,

If this reply helps you an upvote and "Accept as Solution" is appreciated.

Splunk Tunnel URL/hostname Change

Linux

CX Day is Coming!

Strengthen Your Future: A Look Back at Splunk 10 Innovations and .conf25 Highlights!

Now Offering the AI Assistant Usage Dashboard in Cloud Monitoring Console

Are you a member of the Splunk Community?

Splunk Tunnel URL/hostname Change

Linux

CX Day is Coming!

Strengthen Your Future: A Look Back at Splunk 10 Innovations and .conf25 Highlights!

Now Offering the AI Assistant Usage Dashboard in Cloud Monitoring Console