Security

Not able to access Splunk Web after Splunk installation

V4M51
Engager

I was trying to install Splunk 6.1.1 in CentOs 6.8.
Installation was successful and I was unable to access Splunk web interface.
Can anyone suggest me where I went wrong or what I missed out...
alt text
![alt text][2]

0 Karma
1 Solution

hardikJsheth
Motivator

I think it should be firewall issue. But in order to determine that Splunkd is currently listening on port 8000.

netstat -tulnp | grep 8000

If you get the output, that means Splunk is running fine and you need to tweak the firewall to allow incoming requests for following ports
8000 - Splunk Web
8089 - Splunk Management Port
8191 - KVStore

View solution in original post

0 Karma

gcusello
SplunkTrust
SplunkTrust

Hi V4M51,
did you disabled iptables?

Disable / Turn off Linux Firewall (Red hat/CentOS/Fedora Core)
# /etc/init.d/iptables save
# /etc/init.d/iptables stop

Turn off firewall on boot:
# chkconfig iptables off

Enable / Turn on Linux Firewall (Red hat/CentOS/Fedora Core)
# /etc/init.d/iptables start

Turn on firewall on boot:
# chkconfig iptables on

on Centos 7
Status
systemctl status firewalld
disable
systemctl disable firewalld
stop
systemctl stop firewalld

Bye.
Giuseppe

V4M51
Engager

Hi Cusello can you help me how to enable Splunk on firewall without disabling firewall/iptabel

0 Karma

gcusello
SplunkTrust
SplunkTrust

See at https://stackoverflow.com/questions/7423309/iptables-block-access-to-port-8000-except-from-ip-addres...

iptables -A INPUT -p tcp --dport 8000 -s 1.2.3.4 -j ACCEPT
iptables -A INPUT -p tcp --dport 8000 -j DROP

Bye.
Giuseppe

0 Karma

V4M51
Engager

Thanks, this worked....

0 Karma

hardikJsheth
Motivator

I think it should be firewall issue. But in order to determine that Splunkd is currently listening on port 8000.

netstat -tulnp | grep 8000

If you get the output, that means Splunk is running fine and you need to tweak the firewall to allow incoming requests for following ports
8000 - Splunk Web
8089 - Splunk Management Port
8191 - KVStore

View solution in original post

0 Karma

gcusello
SplunkTrust
SplunkTrust

Hi @hardikJsheth,

good for you.

Ciao and happy splunking.

Giuseppe

P.S. Karma Points are appreciated by all the contributors 😉

0 Karma

V4M51
Engager

ports are enabled properly

0 Karma

Sukisen1981
Champion

try tinkering the web url - http://localhost:8001/

Is this accessible?

0 Karma

V4M51
Engager

after disabling firewall yes..

0 Karma

kamlesh_vaghela
SplunkTrust
SplunkTrust

Hi
I think it is firewall issue.

Can you please disable firewall ( JUST for testing) and check again?

0 Karma

V4M51
Engager

Hi kamlesh_vaghela can you help me how to enable Splunk on firewall without disabling firewall/iptabel

0 Karma

kamlesh_vaghela
SplunkTrust
SplunkTrust

HI
1) enable firewall.
2) open port splunk ports.

See this link for list of ports: https://docs.splunk.com/Documentation/Splunk/7.0.0/InheritedDeployment/Ports

3) sudo iptables -I INPUT -p tcp -s 0.0.0.0/0 --dport 8000 -j ACCEPT

0 Karma

V4M51
Engager

yeah, I tried to enable Splunk on firewall bt did not work.
So as you suggested I disabled firewall and it works fine as of now.

thank you..

0 Karma
.conf21 Now Fully Virtual!
Register for FREE Today!

We've made .conf21 totally virtual and totally FREE! Our completely online experience will run from 10/19 through 10/20 with some additional events, too!