The connection has timed out

Hello @kiran_panchavat ,

Thanks for your response,
However, i checked and found that SElinux is already permissive(0) here 

[acnops_splunk@IEM***** ~]$ getenforce
Permissive

Also, i did curl from local server and don't find any connection error showing in the below output 

[acnops_splunk@IEM****** ~]$ curl -v http://<serverip>:8000
* Rebuilt URL to: http://<serverip>:8000/
* Trying <serverip>...
* TCP_NODELAY set
* Connected to <serverip> port 8000 (#0)
> GET / HTTP/1.1
> Host: <serverip>:8000
> User-Agent: curl/7.61.1
> Accept: */*
>
< HTTP/1.1 303 See Other
< Date: Fri, 07 Feb 2025 13:30:56 GMT
< Content-Type: text/html; charset=UTF-8
< X-Content-Type-Options: nosniff
< Content-Length: 339
< Location: http://<serverip>:8000/en-US/
< Vary: Accept-Language
< Connection: Keep-Alive
< X-Frame-Options: SAMEORIGIN
< Server: Splunkd
<
<!doctype html><html><head><meta http-equiv="content-type" content="text/html; charset=UTF-8"><meta http-equiv="refresh" content="1;url=http://<serverip>:8000/en-US/"><title>303 See Other</title></head><body><h1>See Other</h1><p>The resource has moved temporarily <a href="http://<serverip>/en-US/">here</a>.</p></body></html>
* Connection #0 to host <serverip> left intact

@rukshar 

You need to update the URL: curl -v http://<serverip>:8000

Please replace it with your Splunk Web URL.

Yes, i am doing curl for my web url only and the result is good.
Any further help would really be appreciated. 

It looks like port 8000 is already open on the host firewall (I believe "irdmi" referenced is the service name for  port 8000 on RHEL), so it sounds like the host itself should be allowing connectivity.

Nevertheless, you could try explicitly allowing port 8000 and checking the logs:

• Open Port 8000 in the Firewall:

  sudo firewall-cmd --zone=public --add-port=8000/tcp --permanent sudo firewall-cmd --reload

   
  Verify with:
  sudo firewall-cmd --list-all
   
• Check Splunk logs for any errors:
  $SPLUNK_HOME/var/log/splunk/web_service.log
  $SPLUNK_HOME/var/log/splunk/splunkd.log

Have you been able to confirm that no network changes were made around the time? 

@rukshar 

Check Splunk logs for any web service issues: cat /opt/splunk/var/log/splunk/web_service.log 

We are using http url with setting enableSplunkWebSSL = false in web.conf file.

The host where i am trying to access splunk webrowser is a windows machine and the telnet i did is from the splunk server that is a linux machine which i am trying to access and its not accessible in url.

below output from splunk server:

sudo iptables -L
[sudo] password for acnops_splunk:
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:irdmi
ACCEPT tcp -- anywhere anywhere tcp dpt:palace-6
ACCEPT tcp -- anywhere anywhere tcp dpt:distinct32
ACCEPT tcp -- anywhere anywhere tcp dpt:8089
ACCEPT tcp -- anywhere anywhere tcp dpt:distinct

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
[acnops_splunk@IEM******** ~]$ sudo firewall-cmd --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: eth0
sources:
services: dhcpv6-client ssh
ports:
protocols:
forward: no
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
[acnops_splunk@IEM****** ~]$

looking forward for some solution

Since you apparently did a local connectivity test and it succeeded, there must be something external to Splunk itself preventing you from connecting. Your iptables rules seem to not be interfering (you don't have port 8000 explicitly open but the general policy is ACCEPT). So it points to something network-related. Routing? Filtering on some intermediate device? It's something best solved with your local admin staff since it doesn't seem to be related to Splunk as such.