- Splunk Answers
- :
- Splunk Administration
- :
- Installation
- :
- Splunk is running but 8000 port is not listening?
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Splunk is running but 8000 port is not listening?
I am trying to install splunk ENTERPRISE in linux vm that is configured on google cloud platform. I see that splunk is running in the server but the port 8000 is not listening and webpage is throwing below error. please help in fixing the issue.
"
This site can’t be reached application-server’s server IP address could not be found.
Search Google for application server 8000
ERR_NAME_NOT_RESOLVED
"
Update : Guys, the issue is resolved after I edited the firewall settings (TCP:8000) in the google cloud platform's network settings. Thank you everyone for taking time and helping me.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @priya6970 ,
Could you please check the output of your /opt/splunk/bin/splunk status as well as the output of the /opt/splunk/bin/splunk startcommand ?
This will help you see if there are any errors from the Splunk side. If Splunk is running correctly then you'll need to focus on the network side -> Firewall/proxy/DNS/etc..
Let me know if you see any errors and we can take it from there.
Cheers,
David
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi David,
Splunk is running fine. I don't see any errors even in the errors log file. but 8000 is not listening in the server.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
need to disable the firewall on your server if the port is available.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@sathwikr076 I have now disabled firewall, still no luck..
this is what i see in the server.
[root@application-server bin]# sudo lsof -i -P -n | grep LISTEN
sshd 2896 root 3u IPv4 29478 0t0 TCP *:22 (LISTEN)
sshd 2896 root 4u IPv6 29487 0t0 TCP *:22 (LISTEN)
master 3098 root 13u IPv4 29930 0t0 TCP 127.0.0.1:25 (LISTEN)
master 3098 root 14u IPv6 29931 0t0 TCP [::1]:25 (LISTEN)
splunkd 9043 root 4u IPv4 53724 0t0 TCP *:8089 (LISTEN)
splunkd 9043 root 97u IPv4 54364 0t0 TCP *:8000 (LISTEN)
mongod 9106 root 10u IPv4 53799 0t0 TCP *:8191 (LISTEN)
python 9194 root 8u IPv4 54360 0t0 TCP 127.0.0.1:8065 (LISTEN)
[root@application-server bin]#
[root@application-server bin]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
Active: inactive (dead) since Thu 2019-05-09 15:23:15 UTC; 3min 45s ago
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Are you connected thru a “public” zoned network or a “private” zoned network?
If your connection is “private” then the firewall changes you made are wrong.
Otherwise you may have incorrect settings in web.conf. I recommend that you check
index=_internal log_level=error OR log_level=warn*
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @jkat54 ,
I am using private network. netstat -ano shows that the port is off. I will try changing the firewall to private network and see
[root@application-server bin]# netstat -ano | grep 8000
tcp 0 0 0.0.0.0:8000 0.0.0.0:* LISTEN off (0.00/0/0)
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
It’s possible another app is already bound to port 8000. You can run netstat -ano to print the PID that is bound to port 8000 (forth column). Then you can lookup the PID in task manager.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
need to enable firewall port 8000
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
I have already done that using below commands, still no luck.
firewall-cmd --zone=public --permanent --add-port=8000/tcp firewall-cmd --zone=public --permanent --add-port=5514/udp
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Did you restart the firewall-cmd aswell?
firewall-cmd --reload
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
netstat -anp tcp | grep LISTEN
use this command to check the port status
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@sravankaripe here is the output of it..
[root@application-server bin]# netstat -anp --tcp | grep LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 2896/sshd
tcp 0 0 0.0.0.0:8089 0.0.0.0:* LISTEN 9043/splunkd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 3098/master
tcp 0 0 0.0.0.0:8191 0.0.0.0:* LISTEN 9106/mongod
tcp 0 0 0.0.0.0:8000 0.0.0.0:* LISTEN 9043/splunkd
tcp 0 0 127.0.0.1:8065 0.0.0.0:* LISTEN 9194/python
tcp6 0 0 :::22 :::* LISTEN 2896/sshd
tcp6 0 0 ::1:25 :::* LISTEN 3098/master
.conf24 | Registration Open!
ICYMI - Check out the latest releases of Splunk Edge Processor
Introducing the 2024 SplunkTrust!
