- Find Answers
- :
- Splunk Administration
- :
- Admin Other
- :
- Security
- :
- How to change the Splunk Web URL secured by https?
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello,
I like to update/rename the Splunk Web URL which is currently secured with HTTPS
E.g. -> https://localhost:8000
Rename/Update -> https://mysplunkurl.co.in
My plan is to update the DNS entry but I am unsure about what changes I need to make on Splunk.
Really appreciate if you can share some information on the above.
Thank you
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
hi @srami , there is 2 ways of doing this
You can do it by creating a web.conf under SPLUNK_HOME/etc/system/local
Add the follwoing stanza
[settings]
httpport = <https port number>
enableSplunkWebSSL = true
privKeyPath = $SPLUNK_HOME/etc/auth/splunkweb/cert_name.key
caCertPath = $SPLUNK_HOME/etc/auth/splunkweb/cert_name.pem
Restart Splunk service
OR you could go into the GUI and do settings>system>server settings>General settings --> Splunk Web and select 'Enable SSL'
Restart Splunk service, when it starts up, you will need to add https://
You can change the URL name by editing server.conf under SPLUNK_HOME/etc/system/local
Create the stanza
[general]
servername = mysplunkurl.co.in
Restart Splunk service
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @srami - Did one of the answers below help provide a solution your question? If yes, please click “Accept” below the best answer to resolve this post. If no, please leave a comment with more feedback. Thanks.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello,
If you have a certificate and want to use it, your /opt/splunk/etc/system/local/web.conf to look like this:
[settings]
enableSplunkWebSSL = 1
httpport = 8000
privKeyPath = $SPLUNK_HOME/etc/auth/splunkweb/your_cert_name.key
caCertPath = $SPLUNK_HOME/etc/auth/splunkweb/your_cert_name.pem
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
hi @srami , there is 2 ways of doing this
You can do it by creating a web.conf under SPLUNK_HOME/etc/system/local
Add the follwoing stanza
[settings]
httpport = <https port number>
enableSplunkWebSSL = true
privKeyPath = $SPLUNK_HOME/etc/auth/splunkweb/cert_name.key
caCertPath = $SPLUNK_HOME/etc/auth/splunkweb/cert_name.pem
Restart Splunk service
OR you could go into the GUI and do settings>system>server settings>General settings --> Splunk Web and select 'Enable SSL'
Restart Splunk service, when it starts up, you will need to add https://
You can change the URL name by editing server.conf under SPLUNK_HOME/etc/system/local
Create the stanza
[general]
servername = mysplunkurl.co.in
Restart Splunk service
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @srami and @skoelpin ,
I tried your second approach.
But still after changing the serverName under server.conf, when i restart splunk services, we get
The Splunk web interface is at https://hostname.domain.net:443
Ideally it should give https://splunkurl.co.in and this URL should be accessible.
i have give the httpport = 443 in web.conf also.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @skoelpin,
Thank you for the response. Really appreciate it!
I evaluated both the approaches you provided and have some questions on them below:
Approach 1:
a) How does the certificate impact the Splunk URL?
b) Not sure where to add the new URL name using this approach?
Approach 2:
c) Will I need certificates to start using the new URL listed in the server.conf file?
d) How will other systems in the environment resolve this URL?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I think mis-read the question, I see you already have SSL enabled and want to change the URL and want to know if this will impact the SSL.
I have not tried this, so I cannot give you a 100% accurate answer. BUT, I have enabled SSL and generated certs so I can give you a most likely answer.. When generating the cert/pem file, it's relative to the host, not the URL so any changes to the URL should not be affected
http://docs.splunk.com/Documentation/Splunk/6.5.0/Security/Self-signcertificatesforSplunkWeb
So go into your server.conf and modify the name of the URL and this should do the trick (I would test in a sandbox environment first before making changes in production).. The only thing this "should" affect is the URL used to access Splunk. So if you have 10 people using that URL to access Splunk, you will then need to notify 10 people that the URL has changed.
[general]
servername = mysplunkurl.co.in
Restart the Splunk service on the indexer(s)
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Did this help solve your problem? If so can you close the question and accept the answer
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @skoelpin,
I updated the server name of my indexer as per the instructions you gave. Unfortunately, when I try to connect to this server via Splunk Web, it gave me a 'page not found' error.
Here are the steps I followed -
1. Updated server.conf
[general]
serverName=mysplunkurl.co.in
2. Restart Splunk
3. Connect to server via Splunk Web
Please let me know if there is any alternatives to this approach?
Thank you
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Now that we confirmed that it's resolving to the correct URL, let's move onto hiding the port number. The browser will interpret port 443 and not show it when keying in the URL. So if you want to hide the port number and only have to type in mysplunkurl.co.in then you will need to change it from port 8000 to port 443. This can be done by going to $SPLUNK_HOME/etc/system/local and adding the following to web.conf and restart the Splunk service
[settings]
enableSplunkWebSSL = 0
httpport = 443
If you do not have a web.conf then go ahead and make it and add that stanza to it.
*To anyone else reading this, I worked with @srami in the IRC and we resolved the error associated with changing the URL name
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You can follow the following - Turn on encryption (https) with Splunk Web
New Case Study Shows the Value of Partnering with Splunk Academic Alliance
How to Monitor Google Kubernetes Engine (GKE)
Index This | How can you make 45 using only 4?
