Accessing Splunk deployed on Amazon EC2 instance

sunnyjaisinghan
Explorer

Hello,

This is my first question related to Splunk.
The installation says I can access Splunk using

The Splunk web interface is at http://ip-10-28-X-X:8000

Since it is displaying the internal DNS name, I am sure it will not work. So I tried using the public DNS name that Amazon provides and made the necessary changes to the security group to allow TCP connections to port 8000.

This did not help me load the Splunk login page.
All Splunk daemons are running.

I also tried making changes to server.conf and inputs.conf by updating the hostname to public DNS name without any success.

What am I missing here?

Sunny

0 Karma

alacercogitatus
SplunkTrust

I have an EC2 instance running Splunk as well. I have allowed 443, 80, and 8000 using the AWS Security Group. I access it using the public DNS provided by Amazon.

navneetrastogi9
Engager

I am using an Elastic IP with the port number, but I am still not able to access it. I have added an entry in Apache httpd.conf to forward requests to localhost:8000 from www.example.com/splunk.

But still it is not working.

sunnyjaisinghan
Explorer

Well... it turned out that my company blocks outward traffic to non-standard ports. So when I changed port 8000 to 80 in web.conf and restarted Splunk, I was able to access the URL.

eryoung369
Engager

This was my issue and fix too ('cept I ended up having to create the web.conf file and using 8080).

0 Karma

sunnyjaisinghan
Explorer

Should httpd be running on my EC2 instance, or is a different instance of httpd running under Splunk?

I opened port 80 in the security group and started httpd. I was able to access the Apache home page. However, I am still not able to access ec2_public_dns:8000

sunnyjaisinghan
Explorer

iptables is switched off on my EC2 instance.

I was planning to assign an Elastic IP to my instance and try this thing out.
Will update once I am done with testing it.

Thanks

0 Karma

MHibbin
Influencer

I have played around with some AWS servers, and the general blockage would be with the OS-level firewall (e.g. if you are using Linux as the OS, it will have iptables switched on by default).

You will either need to reconfigure iptables to allow your communication to the server (e.g. 8000), or you will need to switch iptables off, which is my normal preference for the cases that I have had (i.e. just using them myself).

The following helps with switching off (which you can use for testing purposes, at a minimum):

http://www.cyberciti.biz/faq/turn-on-turn-off-firewall-in-linux/

I would also look at assigning the server an AWS Elastic IP, as this will allow you to connect via a public IP address (also easier when troubleshooting). I believe these are free, as long as you are using the Elastic IP and it is not being "wasted" (i.e. not in use, when someone else could be using it). So as long as the Elastic IP is attached to your server, you should be okay.

0 Karma

MHibbin
Influencer

When you start Splunk, it should try to take ownership of 8000 and 8089 (mgmt). To confirm both ports, you should be able to use the following...

netstat -antp | egrep '8000|8089'

0 Karma

sunnyjaisinghan
Explorer

I tried using an Elastic IP and that did not work either.

netstat -an | grep 8000

tcp 0 0 0.0.0.0:8000 0.0.0.0:* LISTEN

Do I need to open the mgmt port too? And to whom?

0 Karma
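
The netstat check from the posts above, turned into a layer-by-layer triage, as an added example that is not part of the original thread. The function names `classify_listeners`, `next_layer` and `sample_netstat` are hypothetical; the first sample line is the output quoted in the thread and the other two are constructed.

```bash
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.
# Ports per the thread: 8000 = Splunk Web, 8089 = management (mgmt).

# Read `netstat -ant` lines on stdin; print "<port> <scope>" for each
# LISTEN socket on a wanted port (default: 8000 and 8089).
classify_listeners() {
    awk -v ports="${1:-8000 8089}" '
    BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
    $6 == "LISTEN" {
        port = $4; sub(/^.*:/, "", port)       # text after the last colon
        addr = $4; sub(/:[0-9]+$/, "", addr)   # text before the port
        if (!(port in want)) next
        if (addr == "0.0.0.0" || addr == "::" || addr == "*") scope = "all-interfaces"
        else if (addr == "127.0.0.1" || addr == "::1") scope = "loopback-only"
        else scope = "specific:" addr
        print port, scope
    }'
}

# Name the layer to check next for one port (netstat output on stdin).
next_layer() {
    scope=$(classify_listeners "$1" | awk '{ print $2; exit }')
    case "$scope" in
        "")            echo "no-listener" ;;   # service not up, or web.conf sets another port
        loopback-only) echo "bind-address" ;;  # bound to localhost; remote clients cannot connect
        *)             echo "network-path" ;;  # host is listening: check security group,
                                               # OS firewall, then client-side egress filtering
    esac
}

# Sample input: line 1 is quoted in the thread, lines 2-3 are constructed.
sample_netstat() {
    cat <<'EOF'
tcp 0 0 0.0.0.0:8000 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:8089 0.0.0.0:* LISTEN
tcp 0 0 10.0.0.5:22 203.0.113.7:51000 ESTABLISHED
EOF
}

sample_netstat | classify_listeners
sample_netstat | next_layer 8000
```

On a live host, pipe `netstat -ant` into `next_layer 8000` instead of the sample. Loading the login page in a browser needs only the Splunk Web port, so the security group rule can stay limited to that port and to the source addresses that need it.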