Security

Not able to access Splunk Web after Splunk installation

V4M51
Engager

I was trying to install Splunk 6.1.1 on CentOS 6.8.
Installation was successful, but I was unable to access the Splunk Web interface.
Can anyone suggest where I went wrong or what I missed out...

0 Karma
1 Solution

hardikJsheth
Motivator

I think it should be a firewall issue. But in order to determine that, check whether Splunkd is currently listening on port 8000:

netstat -tulnp | grep 8000

If you get output, that means Splunk is running fine and you need to tweak the firewall to allow incoming requests for the following ports:
8000 - Splunk Web
8089 - Splunk Management Port
8191 - KVStore

0 Karma

gcusello
SplunkTrust

Hi V4M51,
did you disable iptables?

Disable / Turn off Linux Firewall (Red hat/CentOS/Fedora Core)
# /etc/init.d/iptables save
# /etc/init.d/iptables stop

Turn off firewall on boot:
# chkconfig iptables off

Enable / Turn on Linux Firewall (Red hat/CentOS/Fedora Core)
# /etc/init.d/iptables start

Turn on firewall on boot:
# chkconfig iptables on

On CentOS 7:

Status:
systemctl status firewalld

Disable:
systemctl disable firewalld

Stop:
systemctl stop firewalld

Bye.
Giuseppe

V4M51
Engager

Hi Cusello, can you help me with how to enable Splunk on the firewall without disabling the firewall/iptables?

0 Karma

gcusello
SplunkTrust

See at https://stackoverflow.com/questions/7423309/iptables-block-access-to-port-8000-except-from-ip-addres...

iptables -A INPUT -p tcp --dport 8000 -s 1.2.3.4 -j ACCEPT
iptables -A INPUT -p tcp --dport 8000 -j DROP

Bye.
Giuseppe

0 Karma

V4M51
Engager

Thanks, this worked....

0 Karma

gcusello
SplunkTrust

Hi @hardikJsheth,

good for you.

Ciao and happy splunking.

Giuseppe

P.S. Karma Points are appreciated by all the contributors 😉

0 Karma

V4M51
Engager

ports are enabled properly

0 Karma

Sukisen1981
Champion

try tinkering the web url - http://localhost:8001/

Is this accessible?

0 Karma

V4M51
Engager

after disabling firewall yes..

0 Karma

kamlesh_vaghela
SplunkTrust

Hi,
I think it is a firewall issue.

Can you please disable the firewall (JUST for testing) and check again?

0 Karma

V4M51
Engager

Hi kamlesh_vaghela, can you help me with how to enable Splunk on the firewall without disabling the firewall/iptables?

0 Karma

kamlesh_vaghela
SplunkTrust

Hi,
1) Enable the firewall.
2) Open the Splunk ports.

See this link for list of ports: https://docs.splunk.com/Documentation/Splunk/7.0.0/InheritedDeployment/Ports

3) sudo iptables -I INPUT -p tcp -s 0.0.0.0/0 --dport 8000 -j ACCEPT

0 Karma

V4M51
Engager

Yeah, I tried to enable Splunk on the firewall but it did not work.
So, as you suggested, I disabled the firewall and it works fine as of now.

thank you..

0 Karma
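
Whether an ACCEPT rule for port 8000 takes effect depends on where it sits relative to any catch-all REJECT or DROP already in the INPUT chain: `-A` appends after it, `-I` inserts before it. The script below is an added example, not from any poster in this thread; `check_port` is a hypothetical helper and the ruleset is a constructed sample modelled on a stock CentOS 6 INPUT chain, which the thread does not show.

```shell
#!/bin/sh
# check_port (hypothetical helper): reads `iptables -S INPUT` output on stdin
# (rules in evaluation order) and prints how TCP <port> is treated:
#   open | restricted | shadowed | blocked | policy
# Only plain `-p tcp --dport N` rules are understood (no multiport, no jumps
# to user-defined chains).
check_port() {
    awk -v port="$1" '
    $1 != "-A" || $2 != "INPUT" { next }
    {
        target = ""; dport = ""; src = ""; proto = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-j") target = $(i + 1)
            if ($i == "-p") proto = $(i + 1)
            if ($i == "-s") src = $(i + 1)
            if ($i == "--dport") dport = $(i + 1)
        }
        on_port = (proto == "tcp" && dport == port)
        is_block = (target == "DROP" || target == "REJECT")
        if (on_port && target == "ACCEPT") {
            if (verdict == "" && src == "") verdict = "open"
            else if (verdict == "") limited = 1          # source-limited allow
            else if (verdict == "blocked") verdict = "shadowed"
        } else if (is_block && verdict == "" && ($3 == "-j" || on_port)) {
            # first catch-all or port-specific block decides the outcome
            verdict = limited ? "restricted" : "blocked"
        }
    }
    END { print (verdict == "" ? "policy" : verdict) }'
}

# Constructed sample rules (policy line omitted), in iptables -S format.
BASE='-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited'
ALLOW='-A INPUT -p tcp -m tcp --dport 8000 -j ACCEPT'

printf '%s\n' "$BASE" | check_port 8000            # no rule for 8000 yet
printf '%s\n' "$BASE" "$ALLOW" | check_port 8000   # rule appended with -A
printf '%s\n' "$ALLOW" "$BASE" | check_port 8000   # rule inserted with -I
# On a live host (as root): iptables -S INPUT | check_port 8000
```

A result of `shadowed` means the ACCEPT exists but is never reached; `restricted` means only the listed source address is admitted before the block.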