Monitoring Splunk

Why is my Splunkd connection refused after logging in?

sergioa
Engager

I can start Splunk without any errors:

Checking http port [MY_IP_ADDRESS:8000]: open
Checking mgmt port [MY_IP_ADDRESS:8089]: open
Checking appserver port [127.0.0.1:8065]: open
Checking kvstore port [MY_IP_ADDRESS:8191]: open

I can get to the login page via browser, log in with the default password, change the password but then I get a 500 server error.
Also, if I enter a wrong username/password, it correctly displays an error.

web_service.log:
    2016-11-10 18:23:51,005 ERROR   [5824ad27007f24e0c7f9d0] __init__:479 - Socket error communicating with splunkd (error=[Errno 111] Connection refused), path = /services/server/info
    2016-11-10 18:23:51,005 INFO    [5824ad27007f24e0c7f9d0] decorators:363 - require_login - no splunkd sessionKey variable set; cherrypy_session=2319ecafa1baed9c68453b13f8adb68c34ac82d8 request_path=/en-US/
    2016-11-10 18:23:51,006 INFO    [5824ad27007f24e0c7f9d0] decorators:384 - require_login - redirecting to login
    2016-11-10 18:23:51,223 ERROR   [5824ad27367f24e0c90d90] __init__:479 - Socket error communicating with splunkd (error=[Errno 111] Connection refused), path = /services/server/info
    2016-11-10 18:23:52,781 ERROR   [5824ad28c77f24e0cb2250] __init__:479 - Socket error communicating with splunkd (error=[Errno 111] Connection refused), path = /services/server/info
    2016-11-10 18:23:52,782 ERROR   [5824ad28c77f24e0cb2250] __init__:479 - Socket error communicating with splunkd (error=[Errno 111] Connection refused), path = /services/authentication/users/admin

I added the following in etc/splunk-launch.conf:

SPLUNK_BINDIP=MY_IP_ADDRESS

I'm not sure what to do. I opened ports 8000-8200 (just to be safe). I can't figure out on which IP/port it's refusing the connection.

Thanks.

j4adam
Communicator

I'm having the same issue and I resolved it by removing my SPLUNK_BINDIP addition for the time being. I'm still looking into it, but that solved it for now.

What was your solution? I assume you've solved it since it's been about a month.

0 Karma

sergioa
Engager

Hi, I did not solve it yet.
I require splunk to only work on one IP address so removing the BINDIP addition is not an option for me...

0 Karma
Get Updates on the Splunk Community!

Splunk Forwarders and Forced Time Based Load Balancing

Splunk customers use universal forwarders to collect and send data to Splunk. A universal forwarder can send ...

NEW! Log Views in Splunk Observability Dashboards Gives Context From a Single Page

Today, Splunk Observability releases log views, a new feature for users to add their logs data from Splunk Log ...

Last Chance to Submit Your Paper For BSides Splunk - Deadline is August 12th!

Hello everyone! Don't wait to submit - The deadline is August 12th! We have truly missed the community so ...