Monitoring Splunk
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Why is my Splunkd connection refused after logging in?

sergioa
Engager
‎11-10-2016 09:34 AM

I can start Splunk without any errors:

Checking http port [MY_IP_ADDRESS:8000]: open
Checking mgmt port [MY_IP_ADDRESS:8089]: open
Checking appserver port [127.0.0.1:8065]: open
Checking kvstore port [MY_IP_ADDRESS:8191]: open

I can get to the login page via browser, log in with the default password, change the password but then I get a 500 server error.
Also, if I enter a wrong username/password, it correctly displays an error.

web_service.log:
    2016-11-10 18:23:51,005 ERROR   [5824ad27007f24e0c7f9d0] __init__:479 - Socket error communicating with splunkd (error=[Errno 111] Connection refused), path = /services/server/info
    2016-11-10 18:23:51,005 INFO    [5824ad27007f24e0c7f9d0] decorators:363 - require_login - no splunkd sessionKey variable set; cherrypy_session=2319ecafa1baed9c68453b13f8adb68c34ac82d8 request_path=/en-US/
    2016-11-10 18:23:51,006 INFO    [5824ad27007f24e0c7f9d0] decorators:384 - require_login - redirecting to login
    2016-11-10 18:23:51,223 ERROR   [5824ad27367f24e0c90d90] __init__:479 - Socket error communicating with splunkd (error=[Errno 111] Connection refused), path = /services/server/info
    2016-11-10 18:23:52,781 ERROR   [5824ad28c77f24e0cb2250] __init__:479 - Socket error communicating with splunkd (error=[Errno 111] Connection refused), path = /services/server/info
    2016-11-10 18:23:52,782 ERROR   [5824ad28c77f24e0cb2250] __init__:479 - Socket error communicating with splunkd (error=[Errno 111] Connection refused), path = /services/authentication/users/admin

I added the following in etc/splunk-launch.conf:

SPLUNK_BINDIP=MY_IP_ADDRESS

I'm not sure what to do. I opened ports 8000-8200 (just to be safe). I can't figure out on which IP/port it's refusing the connection.

Thanks.

Reply

j4adam
Communicator
‎12-07-2016 12:33 PM

I'm having the same issue and I resolved it by removing my SPLUNK_BINDIP addition for the time being. I'm still looking into it, but that solved it for now.

What was your solution? I assume you've solved it since it's been about a month.

0 Karma
Reply

sergioa
Engager
‎12-13-2016 05:49 AM

Hi, I did not solve it yet.
I require splunk to only work on one IP address so removing the BINDIP addition is not an option for me...

0 Karma
Reply
Get Updates on the Splunk Community!

Announcing the Expansion of the Splunk Academic Alliance Program

The Splunk Community is more than just an online forum — it’s a network of passionate users, administrators, ...

Learn Splunk Insider Insights, Do More With Gen AI, & Find 20+ New Use Cases You Can ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Buttercup Games: Further Dashboarding Techniques (Part 7)

This series of blogs assumes you have already completed the Splunk Enterprise Search Tutorial as it uses the ...
Top