Installation

Why is the Web interface not available in splunk enterprise?

CarolinaHB
Explorer

Hi ,

I installed splunk on a linux server but it sent me the following error "Warning: web interface does not seem to be avaible" in Splunk Enterprise. 

 
 

2020-08-14C.png

I searched in /opt/splunk/var/log/splunk/ but I can't find anything. 

Can you help me, please?

Regards. 

Labels (3)
Tags (1)
0 Karma
1 Solution

rabbidroid
Path Finder

run "ps -ef | grep splunk" and check what user Splunk is running.

View solution in original post

0 Karma

vr2312
Builder

Hi @CarolinaHB , 

As you have installed the application as root and also started the service as root, there might be a chance if the port 8000 is being utilized by another application or blocked by the firewall.
Could you please check if 
1. Port 8000 is open

2. If port 800 is being used by another application 

netstat -tulpn | grep :8000

0 Karma

un1claudiu
Engager

restart the Splunk server and run the ./splunk start from root account. Worked for me!

rabbidroid
Path Finder

What user are you running Splunk as?

0 Karma

CarolinaHB
Explorer

Hi, 

I'm running with root the following command ./splunk start --accept-license

 

 

 

0 Karma

rabbidroid
Path Finder

run "ps -ef | grep splunk" and check what user Splunk is running.

0 Karma

Krutika_Agrawal
Engager

Hi, 
Splunk is not running on root user but some other user, I'm not sure when did it got created.

How do I change the user?Screenshot 2023-06-01 183931.png

0 Karma

isoutamo
SplunkTrust
SplunkTrust
Can you create a new questions where you describe your issue and not use any old solved question?
0 Karma

CarolinaHB
Explorer

User Splunk is running as root 

Captura.PNG

 

0 Karma

rabbidroid
Path Finder

That means Splunk is not running. start Splunk in debug mode

$SPLUNK_HOME/bin/splunk start --debug

0 Karma

CarolinaHB
Explorer

Hi @rabbidroid ,

I'm trying with  $SPLUNK_HOME/bin/splunk start --debug but It is not running.

It send me the same message WARNING: web interface does not seem to be available!

I already installed it again and nothing

Regards.

0 Karma

isoutamo
SplunkTrust
SplunkTrust

Usually you could found reason for that from ..../var/log/splunk/splunkd.log

It’s interesting that you haven’t this log on your system. Can you check if there is some other process listening in port 8000? Usually splunk told that and offer you to change the used port. 

If this is a new unused environment, maybe the easiest try is just remove everything and start again?

Any reason why you are using a quite old version without Splunk’s y2k20 fixes?


r. Ismo

0 Karma

impurush
Contributor

@CarolinaHB 
Did you try stopping and starting the server again?
I faced sometimes same thing, just try to stop and start again, generally the web interface likely to be available.
If that did not help, you can try looking into different solutions.

0 Karma

sccheah82
Explorer

I am not allowed to run as root. I have to run using my username. It is only root can start splunk server?

Tags (1)
0 Karma

isoutamo
SplunkTrust
SplunkTrust

As long as you don’t try to use any port less than 1024 (like syslog input with default 514) and all files are owned by you, you could run it as your username.

0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In September, the Splunk Threat Research Team had two releases of new security content via the Enterprise ...

New in Observability - Improvements to Custom Metrics SLOs, Log Observer Connect & ...

The latest enhancements to the Splunk observability portfolio deliver improved SLO management accuracy, better ...

Improve Data Pipelines Using Splunk Data Management

  Register Now   This Tech Talk will explore the pipeline management offerings Edge Processor and Ingest ...