Hello,
I have a new installation of Splunk 9.X. The instance is hosted on Ubuntu OS, on Azure Cloud. There is no Public IP associated with the instance. The instance can only be accessed via the associated Private IP Address (peering is established between Azure and my internal company network).
I tried to telnet the Instance on port 8000, and it is accepting connections. In parallel, when I launch TCPDUMP and refresh the browser, I can see packets on TCPDUMP.
In spite of this, I am unable to access the instance via console. I get CONNECTION RESET on the browser.
Please advise.
--
Thanks,
Siddarth
@sidtalup27 I have the exact issue, there is nothing wrong with the port configuration on the vm and everything looks fine with NSG at Azure, but still facing issues with splunk web.
Were you able to solve the issue you had?
@PickleRick , below is the output of netstat.
sadmin@splunk-01:~$ sudo netstat -lpt | grep splunkd
tcp 0 0 splunk:8000 0.0.0.0:* LISTEN 58145/splunkd
tcp 0 0 0.0.0.0:8089 0.0.0.0:* LISTEN 58145/splunkd
sadmin@splunk-01:~$ sudo ss -lptn | grep splunkd
LISTEN 0 128 10.X.X.X:8000 0.0.0.0:* users:(("splunkd",pid=58145,fd=186))
LISTEN 0 128 0.0.0.0:8089 0.0.0.0:* users:(("splunkd",pid=58145,fd=4))
Can you please advise on "tls enabled in web server's configuration"?
--
Thanks,
Siddarth
OK. So splunkd is listening on ports 8000 (where webui should be) and 8089 (that port is for internal splunk uses). So theoretically you should be able to connect to that port using either plain http or https.
If you can't it means that there is something else blocking the connection. Maybe it's the host firewall, maybe you have some firewall in the middle of your network path, maybe you have some transparent proxy - we can't know that - it's your environment 😉
Try connecting to http://<your_ip>:8000 and https://<your_ip>:8000 and see if any of those work.
Typically "connection reset by peer" happens if you have TLS enabled but try to connect using plain HTTP.
@PickleRick, I tried both, over port 80 and 443; either way, I was unsuccessful.
No. I mean that by default Splunk does indeed listen on port 8000 for web ui connections. You can verify it on the server side by using
netstat -lpt | grep splunkd
or
ss -lptn | grep splunkd
Your comment that you can access port 8000 with telnet suggests that it is so indeed.
So you should be connecting to your_ip:8000. The question is whether you have tls enabled in web server's configuration and should use https://your_ip:8000, or not, and you should use http://your_ip:8000.
You're trying to connect over unencrypted http to a https-enabled port or vice-versa?
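The http-versus-https check suggested in the replies above, written out as an added Python example that is not part of the original thread. It probes one port with a cleartext HTTP request and with a TLS handshake and reports which scheme the listener answers; the function names and the default host are hypothetical, and port 8000 is taken from the thread.

```python
import socket
import ssl


def probe_plain_http(host, port, timeout=3.0):
    """Send one cleartext HTTP request and report how the listener reacts."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(f"HEAD / HTTP/1.0\r\nHost: {host}\r\n\r\n".encode())
            data = s.recv(64)
    except ConnectionRefusedError:
        return "closed"              # nothing is listening on that address:port
    except ConnectionResetError:
        return "reset"               # what the browser shows as CONNECTION RESET
    except OSError:
        return "no-answer"           # timeout, or filtered somewhere on the path
    return "http" if data.startswith(b"HTTP/") else "no-answer"


def probe_tls(host, port, timeout=3.0):
    """Return the negotiated TLS version, or None if the port does not speak TLS."""
    ctx = ssl.create_default_context()
    # Certificate checks are off only because this probe asks "is it TLS?",
    # not "is it trusted?"; a real client should keep verification on.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return tls.version()
    except (ssl.SSLError, OSError):
        return None


def classify(host, port=8000, timeout=3.0):
    """Return 'https', 'http', 'closed' or 'unknown' for host:port."""
    plain = probe_plain_http(host, port, timeout)
    if plain == "closed":
        return "closed"
    if probe_tls(host, port, timeout):
        return "https"
    return "http" if plain == "http" else "unknown"


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"  # placeholder host
    print(target, classify(target))
```

Run it from the machine where the browser fails and again on the Splunk host itself: a different result between the two points at something on the network path rather than at the listener.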