Monitoring Splunk

Why is my Splunkd connection refused after logging in?

Engager

I can start Splunk without any errors:

Checking http port [MY_IP_ADDRESS:8000]: open
Checking mgmt port [MY_IP_ADDRESS:8089]: open
Checking appserver port [127.0.0.1:8065]: open
Checking kvstore port [MY_IP_ADDRESS:8191]: open

I can get to the login page via browser, log in with the default password, change the password but then I get a 500 server error.
Also, if I enter a wrong username/password, it correctly displays an error.

web_service.log:
    2016-11-10 18:23:51,005 ERROR   [5824ad27007f24e0c7f9d0] __init__:479 - Socket error communicating with splunkd (error=[Errno 111] Connection refused), path = /services/server/info
    2016-11-10 18:23:51,005 INFO    [5824ad27007f24e0c7f9d0] decorators:363 - require_login - no splunkd sessionKey variable set; cherrypy_session=2319ecafa1baed9c68453b13f8adb68c34ac82d8 request_path=/en-US/
    2016-11-10 18:23:51,006 INFO    [5824ad27007f24e0c7f9d0] decorators:384 - require_login - redirecting to login
    2016-11-10 18:23:51,223 ERROR   [5824ad27367f24e0c90d90] __init__:479 - Socket error communicating with splunkd (error=[Errno 111] Connection refused), path = /services/server/info
    2016-11-10 18:23:52,781 ERROR   [5824ad28c77f24e0cb2250] __init__:479 - Socket error communicating with splunkd (error=[Errno 111] Connection refused), path = /services/server/info
    2016-11-10 18:23:52,782 ERROR   [5824ad28c77f24e0cb2250] __init__:479 - Socket error communicating with splunkd (error=[Errno 111] Connection refused), path = /services/authentication/users/admin

I added the following in etc/splunk-launch.conf:

SPLUNK_BINDIP=MY_IP_ADDRESS

I'm not sure what to do. I opened ports 8000-8200 (just to be safe). I can't figure out on which IP/port it's refusing the connection.

Thanks.

Communicator

I'm having the same issue and I resolved it by removing my SPLUNK_BINDIP addition for the time being. I'm still looking into it, but that solved it for now.

What was your solution? I assume you've solved it since it's been about a month.

0 Karma

Engager

Hi, I did not solve it yet.
I require splunk to only work on one IP address so removing the BINDIP addition is not an option for me...

0 Karma
State of Splunk Careers

Access the Splunk Careers Report to see real data that shows how Splunk mastery increases your value and job satisfaction.

Find out what your skills are worth!