1) Installed Splunk Enterprise on server 1:
VERSION=7.2.0
BUILD=8c86330ac18
PRODUCT=splunk
PLATFORM=Linux-x86_64
2) Restarting splunkd:
Stopping splunkd...
Shutting down. Please wait, as this may take a few minutes.
.. [ OK ]
Stopping splunk helpers...
[ OK ]
Done.
Splunk> Be an IT superhero. Go home early.
Checking prerequisites...
Checking http port [8000]: open
Checking mgmt port [8089]: open
Checking appserver port [127.0.0.1:8065]: open
Checking kvstore port [8191]: open
Checking configuration... Done.
Checking critical directories... Done
Checking indexes...
Validated: _audit _internal _introspection _telemetry _thefishbucket history main summary
Done
Checking filesystem compatibility... Done
Checking conf files for problems...
Done
Checking default conf files for edits...
Validating installed files against hashes from '/opt/splunk/splunk-7.2.0-8c86330ac18-linux-2.6-x86_64-manifest'
All installed files intact.
Done
All preliminary checks passed.
Starting splunk server daemon (splunkd)...
Done
[ OK ]
Waiting for web server at https://127.0.0.1:8000 to be available.. Done
If you get stuck, we're here to help.
Look for answers here: http://docs.splunk.com
The Splunk web interface is at ***:8000
3) Port 8000 is already opened from server1 to server2.
4) Trying to access Web URL from server 2: ***:8000
Not able to open Web URL.
5) Checked splunkd logs:
01-02-2020 03:01:30.767 -0800 ERROR ApplicationUpdater - Error checking for update, URL=https://apps.splunk.com/api/apps:resolve/checkforupgrade: Connect Timeout
01-02-2020 03:03:48.066 -0800 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/splunk_instrumentation/bin/instrumentation.py" HTTPSConnectionPool(host='e1345286.api.splkmobile.com', port=443): Max retries exceeded with url: /1.0/e1345286/6b0c90ec-af87-5382-ae54-e94d7b316c04/1/0?hash=none (Caused by : [Errno 110] Connection timed out)
What I have to do?
Found solution...
Run below two commands on newly created VM after Splunk installtion.
sudo firewall-cmd --zone=public --add-port=8000/tcp --permanent
sudo firewall-cmd --reload
After this I am able to open Splunk Web URL.
Found solution...
Run below two commands on newly created VM after Splunk installtion.
sudo firewall-cmd --zone=public --add-port=8000/tcp --permanent
sudo firewall-cmd --reload
After this I am able to open Splunk Web URL.