- Splunk Answers
- :
- Splunk Administration
- :
- Security
- :
- Binding splunk-web to an ip address - WARNING: web...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello,
We have a distributed Splunk system. Every indexers have 2 IPs (ip1 and ip2) addresses (and 2 NICs, too). The goal is to bind the web interface to ip1 while keeping the ability to receive logs on both IPs.
I've already checked https://docs.splunk.com/Documentation/Splunk/latest/Admin/BindSplunktoanIP and serveral questions here with no luck.
When set server.socket_host setting in web.conf to ip1, and leave SPLUNK_BINDIP, mgmtHostPort on default I recieved this at Splunk startup.
Waiting for web server at http://127.0.0.1:8000 to be available............................................................................................................................................................................................................................................................................................................
WARNING: web interface does not seem to be available!
From 'ss -na' output:
LISTEN 0 128 <ip1>:8000 *:*
UNCONN 0 0 *:514 *:*
Ip1 is not 127.0.0.1, so it will never succeed to connect... but logs can be recieved on any ip. System seems to operational.
How can I handle this warning, Is there a way to achieve my goal without an error?
About the system: Splunk v6.5.1 on 64bit linux, multiple search heads and indexers, no firewall.
Thanks,
Istvan
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
I received information from tech support, This is a bug, they will fix it in one of the upcoming releases.
Regards,
István
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
I received information from tech support, This is a bug, they will fix it in one of the upcoming releases.
Regards,
István
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Fixed in 6.6.3: https://docs.splunk.com/Documentation/Splunk/6.6.3/ReleaseNotes/6.6.3
Issue numbers: SPL-136496, SPL-141953, SPL-141956
Combine Multiline Logs into a Single Event with SOCK - a Guide for Advanced Users
Everything Community at .conf24!
Index This | I’m short for "configuration file.” What am I?
