Security

Splunk Enterprise starts, but why is my connection refused trying to access Splunk Web in my browser?

natedlee
New Member

I just installed Splunk Enterprise 6.0 and all went swimmingly. However, my connection is refused when trying to go to it in my browser. What am I missing?

Splunk> 4TW

Checking prerequisites...   Checking
http port [8000]: open  Checking mgmt
port [8089]: open   Checking
configuration...  Done.         Creating:
/opt/splunk/var/lib/splunk      Creating:
/opt/splunk/var/run/splunk      Creating:
/opt/splunk/var/run/splunk/appserver/i18n
        Creating:
/opt/splunk/var/run/splunk/appserver/modules/static/css
        Creating:
/opt/splunk/var/run/splunk/upload
        Creating:
/opt/splunk/var/spool/splunk
        Creating:
/opt/splunk/var/spool/dirmoncache
        Creating:
/opt/splunk/var/lib/splunk/authDb
        Creating:
/opt/splunk/var/lib/splunk/hashDb
    Checking critical directories...    Done
    Checking indexes...         Validated:
_audit _blocksignature _internal _thefishbucket history main summary    Done New certs have been generated in
'/opt/splunk/etc/auth'.     Checking
filesystem compatibility...  Done
    Checking conf files for typos... 
    Done All preliminary checks passed.

Starting splunk server daemon
(splunkd)...   Done
                                                           [  OK  ] Starting splunkweb... 
Generating certs for splunkweb server
Generating a 1024 bit RSA private key
........++++++ ...............++++++
writing new private key to
'privKeySecure.pem'
----- Signature ok subject=/CN=localhost.localdomain/O=SplunkUser
Getting CA Private Key writing RSA key
                                                           [  OK  ] Done

If you get stuck, we're here to help. 
Look for answers here:
http://docs.splunk.com

The Splunk web interface is at
http://xxx.xxx.xxx.xxx:8000
0 Karma

chandrasekharko
Path Finder

Check your management port numbers.

0 Karma

earakam
Path Finder

Taking the fact that it worked fine with firewall disabled, I think you just need to open the right port for this. In this case, 8000.
Here is a good port digram
https://answers.splunk.com/answers/118859/diagram-of-splunk-common-network-ports.html

thanks.

0 Karma

martin_mueller
SplunkTrust
SplunkTrust

Check that you've got the protocol, host name, port correct in the browser. If wrong, correct and try again.
Check that you can establish a connection, e.g. telnet to the host and port. If not, talk to network administration to fix.

That being said, go grab 6.3 - it's significantly improved over 6.0.

0 Karma

natedlee
New Member

I stopped the firewall and it worked fine - so something in my firewall settings is doing this.

I am trying to help a customer using our app and they aren't willing to upgrade to 6.3 yet for some reason - so I'm trying ti troubleshoot the older version with them. I'm just running 6.0 in a VM for these purposes.

0 Karma
Did you miss .conf21 Virtual?

Good news! The event's keynotes and many of its breakout sessions are now available online, and still totally FREE!