Security

Splunk Enterprise starts, but why is my connection refused trying to access Splunk Web in my browser?

natedlee
New Member

I just installed Splunk Enterprise 6.0 and all went swimmingly. However, my connection is refused when trying to go to it in my browser. What am I missing?

Splunk> 4TW

Checking prerequisites...   Checking
http port [8000]: open  Checking mgmt
port [8089]: open   Checking
configuration...  Done.         Creating:
/opt/splunk/var/lib/splunk      Creating:
/opt/splunk/var/run/splunk      Creating:
/opt/splunk/var/run/splunk/appserver/i18n
        Creating:
/opt/splunk/var/run/splunk/appserver/modules/static/css
        Creating:
/opt/splunk/var/run/splunk/upload
        Creating:
/opt/splunk/var/spool/splunk
        Creating:
/opt/splunk/var/spool/dirmoncache
        Creating:
/opt/splunk/var/lib/splunk/authDb
        Creating:
/opt/splunk/var/lib/splunk/hashDb
    Checking critical directories...    Done
    Checking indexes...         Validated:
_audit _blocksignature _internal _thefishbucket history main summary    Done New certs have been generated in
'/opt/splunk/etc/auth'.     Checking
filesystem compatibility...  Done
    Checking conf files for typos... 
    Done All preliminary checks passed.

Starting splunk server daemon
(splunkd)...   Done
                                                           [  OK  ] Starting splunkweb... 
Generating certs for splunkweb server
Generating a 1024 bit RSA private key
........++++++ ...............++++++
writing new private key to
'privKeySecure.pem'
----- Signature ok subject=/CN=localhost.localdomain/O=SplunkUser
Getting CA Private Key writing RSA key
                                                           [  OK  ] Done

If you get stuck, we're here to help. 
Look for answers here:
http://docs.splunk.com

The Splunk web interface is at
http://xxx.xxx.xxx.xxx:8000
0 Karma

chandrasekharko
Path Finder

Check your management port numbers.

0 Karma

earakam
Path Finder

Taking the fact that it worked fine with firewall disabled, I think you just need to open the right port for this. In this case, 8000.
Here is a good port digram
https://answers.splunk.com/answers/118859/diagram-of-splunk-common-network-ports.html

thanks.

0 Karma

martin_mueller
SplunkTrust
SplunkTrust

Check that you've got the protocol, host name, port correct in the browser. If wrong, correct and try again.
Check that you can establish a connection, e.g. telnet to the host and port. If not, talk to network administration to fix.

That being said, go grab 6.3 - it's significantly improved over 6.0.

0 Karma

natedlee
New Member

I stopped the firewall and it worked fine - so something in my firewall settings is doing this.

I am trying to help a customer using our app and they aren't willing to upgrade to 6.3 yet for some reason - so I'm trying ti troubleshoot the older version with them. I'm just running 6.0 in a VM for these purposes.

0 Karma
Get Updates on the Splunk Community!

Splunk Community Platform Survey

Hey Splunk Community, Starting today, the community platform may prompt you to participate in a survey. The ...

Observability Highlights | November 2022 Newsletter

 November 2022Observability CloudEnd Of Support Extension for SignalFx Smart AgentSplunk is extending the End ...

Avoid Certificate Expiry Issues in Splunk Enterprise with Certificate Assist

This blog post is part 2 of 4 of a series on Splunk Assist. Click the links below to see the other ...