The Splunk web interface is not opening (RHEL 7.x server using sudo root access).

splunking100
New Member

I’ve installed Splunk Enterprise (evaluation) on a RHEL 7.x server using sudo root access.
But the Splunk web interface is not opening.

Please help.
I tried the options below:
a. Exported the SPLUNK_HOME path
b. Restarted the Splunk services
c. Verified: ports 8000 / 8089 are open

---from Terminal-------

sh-4.2# pwd
/opt/splunk/bin
sh-4.2# ./splunk restart
Stopping splunkd...
Shutting down. Please wait, as this may take a few minutes.
[ OK ]
Stopping splunk helpers...
[ OK ]
Done.
Splunk> Like an F-18, bro.
Checking prerequisites...
Checking http port [8000]: open
Checking mgmt port [8089]: open
Checking appserver port [127.0.0.1:8065]: open
Checking kvstore port [8191]: open
Checking configuration... Done.
Checking critical directories... Done
Checking indexes...
Validated: _audit _internal _introspection _telemetry _thefishbucket history main summary
Done
Checking filesystem compatibility... Done
Checking conf files for problems...
Done
Checking default conf files for edits...
Validating installed files against hashes from '/opt/splunk/splunk-7.2.6-c0bf0f679ce9-linux-2.6-x86_64-manifest'
All installed files intact.
Done
All preliminary checks passed.
Starting splunk server daemon (splunkd)...
Done
[ OK ]
Waiting for web server at http://127.0.0.1:8000 to be available..... Done
If you get stuck, we're here to help.
Look for answers here: http://docs.splunk.com
The Splunk web interface is at http://************:8000

0 Karma

burakcinar
Path Finder

Hi,
could you share the content of /opt/splunk/var/log/splunk/web_service.log?

0 Karma

ppanchal
Path Finder

I am also facing the same issue. Here are contents from web_service.log.

Please help.

2020-04-09 15:52:19,659 INFO [5e8f3268e07ff3e57fe250] root:129 - ENGINE: Caught signal SIGTERM.
2020-04-09 15:52:19,659 INFO [5e8f3268e07ff3e57fe250] root:129 - ENGINE: Bus STOPPING
2020-04-09 15:52:20,025 INFO [5e8f3268e07ff3e57fe250] root:129 - ENGINE: HTTP Server cherrypy.cpwsgi_server.CPWSGIServer(('127.0.0.1', 8065)) shut down
2020-04-09 15:52:20,042 INFO [5e8f3268e07ff3e57fe250] root:129 - ENGINE: Stopped thread 'Monitor'.
2020-04-09 15:52:20,060 INFO [5e8f3268e07ff3e57fe250] root:129 - ENGINE: Stopped thread '_TimeoutMonitor'.
2020-04-09 15:52:20,060 INFO [5e8f3268e07ff3e57fe250] root:129 - ENGINE: Bus STOPPED
2020-04-09 15:52:20,060 INFO [5e8f3268e07ff3e57fe250] root:129 - ENGINE: Bus EXITING
2020-04-09 15:52:20,060 INFO [5e8f3268e07ff3e57fe250] root:129 - ENGINE: Bus EXITED
2020-04-09 15:52:20,060 INFO [5e8f3268e07ff3e57fe250] root:129 - ENGINE: Waiting for child threads to terminate...
2020-04-09 15:53:30,757 INFO [5e8f44fab27f1ac18dd290] __init__:168 - Using default logging config file: /opt/splunk/etc/log.cfg
2020-04-09 15:53:30,758 INFO [5e8f44fab27f1ac18dd290] __init__:206 - Setting logger=splunk level=INFO
2020-04-09 15:53:30,758 INFO [5e8f44fab27f1ac18dd290] __init__:206 - Setting logger=splunk.appserver level=INFO
2020-04-09 15:53:30,758 INFO [5e8f44fab27f1ac18dd290] __init__:206 - Setting logger=splunk.appserver.controllers level=INFO
2020-04-09 15:53:30,758 INFO [5e8f44fab27f1ac18dd290] __init__:206 - Setting logger=splunk.appserver.controllers.proxy level=INFO
2020-04-09 15:53:30,758 INFO [5e8f44fab27f1ac18dd290] __init__:206 - Setting logger=splunk.appserver.lib level=WARN
2020-04-09 15:53:30,758 INFO [5e8f44fab27f1ac18dd290] __init__:206 - Setting logger=splunk.pdfgen level=INFO
2020-04-09 15:53:31,114 INFO [5e8f44fab27f1ac18dd290] lists:59 - List controller loaded: EntitiesListGenerator
2020-04-09 15:53:31,114 INFO [5e8f44fab27f1ac18dd290] lists:65 - Setting lists/entities
2020-04-09 15:53:31,114 INFO [5e8f44fab27f1ac18dd290] lists:59 - List controller loaded: JobsListGenerator
2020-04-09 15:53:31,114 INFO [5e8f44fab27f1ac18dd290] lists:65 - Setting lists/jobs
2020-04-09 15:53:31,119 INFO [5e8f44fab27f1ac18dd290] root:266 - Proxied mode ip_address=127.0.0.1 port=8065 exposed_port=8000:
2020-04-09 15:53:31,198 INFO [5e8f44fab27f1ac18dd290] root:650 - CONFIG: mgmtHostPort (str): 127.0.0.1:8089
2020-04-09 15:53:31,200 INFO [5e8f44fab27f1ac18dd290] root:650 - CONFIG: server.max_request_body_size (int): 524288000
2020-04-09 15:53:31,200 INFO [5e8f44fab27f1ac18dd290] root:650 - CONFIG: server.socket_host (str): 127.0.0.1
2020-04-09 15:53:31,200 INFO [5e8f44fab27f1ac18dd290] root:650 - CONFIG: server.socket_port (int): 8065
2020-04-09 15:53:31,200 INFO [5e8f44fab27f1ac18dd290] root:650 - CONFIG: serverCert (str): $SPLUNK_HOME/etc/auth/splunkweb/cert.pem
2020-04-09 15:53:31,200 INFO [5e8f44fab27f1ac18dd290] root:650 - CONFIG: serverName (str): ip-10-160-161-135.wm.com
2020-04-09 15:53:31,201 INFO [5e8f44fab27f1ac18dd290] root:650 - CONFIG: server_pooling_storage (str):
2020-04-09 15:53:31,201 INFO [5e8f44fab27f1ac18dd290] root:650 - CONFIG: showProductMenu (bool): False
2020-04-09 15:53:31,201 INFO [5e8f44fab27f1ac18dd290] root:650 - CONFIG: showUserMenuProfile (bool): False
2020-04-09 15:53:31,201 INFO [5e8f44fab27f1ac18dd290] root:650 - CONFIG: simple_error_page (bool): False
2020-04-09 15:53:31,201 INFO [5e8f44fab27f1ac18dd290] root:650 - CONFIG: site_packages_path (str): /opt/splunk/lib/python2.7/site-packages

2020-04-09 15:53:31,201 INFO [5e8f44fab27f1ac18dd290] root:650 - CONFIG: splunkdConnectionTimeout (int): 30
2020-04-09 15:53:31,201 INFO [5e8f44fab27f1ac18dd290] root:650 - CONFIG: splunkdTrustedIP (NoneType): None
2020-04-09 15:53:31,201 INFO [5e8f44fab27f1ac18dd290] root:650 - CONFIG: sslVersions (str): ssl3, tls
2020-04-09 15:53:31,201 INFO [5e8f44fab27f1ac18dd290] root:650 - CONFIG: start_time (float): 1586447611.19
2020-04-09 15:53:31,201 INFO [5e8f44fab27f1ac18dd290] root:650 - CONFIG: startwebserver (int): 1
2020-04-09 15:53:31,201 INFO [5e8f44fab27f1ac18dd290] root:650 - CONFIG: staticAssetId (str): D57E47082B0454004F85C8AB503D7A8366A7AF9009AF73B5B96D04AC031B5081
2020-04-09 15:53:31,201 INFO [5e8f44fab27f1ac18dd290] root:650 - CONFIG: staticCompressionLevel (int): 9
2020-04-09 15:53:31,201 INFO [5e8f44fab27f1ac18dd290] root:650 - CONFIG: static_dir (str): share/splunk/search_mrsparkle/exposed
2020-04-09 15:53:31,195 INFO [5e8f44fab27f1ac18dd290] root:650 - CONFIG: error_page.default (instancemethod): >
2020-04-09 15:53:31,195 INFO [5e8f44fab27f1ac18dd290] root:650 - CONFIG: error_page.default (instancemethod): >
2020-04-09 15:53:31,201 INFO [5e8f44fab27f1ac18dd290] root:650 - CONFIG: static_endpoint (str): /static
2020-04-09 15:53:31,202 INFO [5e8f44fab27f1ac18dd290] root:650 - CONFIG: staticdir (str): /opt/splunk/share/splunk/search_mrsparkle/exposed
2020-04-09 15:53:31,202 INFO [5e8f44fab27f1ac18dd290] root:650 - CONFIG: template_dir (str): share/splunk/search_mrsparkle/templates
2020-04-09 15:53:31,202 INFO [5e8f44fab27f1ac18dd290] root:650 - CONFIG: testing_dir (str): share/splunk/testing
2020-04-09 15:53:31,202 INFO [5e8f44fab27f1ac18dd290] root:650 - CONFIG: testing_endpoint (str): /testing
2020-04-09 15:53:31,202 INFO [5e8f44fab27f1ac18dd290] root:650 - CONFIG: tools.csrfcookie.name (str): splunkweb_csrf_token_8000
2020-04-09 15:53:31,202 INFO [5e8f44fab27f1ac18dd290] root:650 - CONFIG: tools.csrfcookie.port (str): 8000
2020-04-09 15:53:31,202 INFO [5e8f44fab27f1ac18dd290] root:650 - CONFIG: tools.decode.on (bool): True
2020-04-09 15:53:31,202 INFO [5e8f44fab27f1ac18dd290] root:650 - CONFIG: tools.encode.encoding (str): utf-8
2020-04-09 15:53:31,202 INFO [5e8f44fab27f1ac18dd290] root:650 - CONFIG: tools.encode.on (bool): True
2020-04-09 15:53:31,202 INFO [5e8f44fab27f1ac18dd290] root:650 - CONFIG: tools.log_headers.on (bool): True
2020-04-09 15:53:31,202 INFO [5e8f44fab27f1ac18dd290] root:650 - CONFIG: tools.log_tracebacks.on (bool): True
2020-04-09 15:53:31,202 INFO [5e8f44fab27f1ac18dd290] root:650 - CONFIG: tools.response_headers.headers (list): [('Server', 'Splunk')]
2020-04-09 15:53:31,202 INFO [5e8f44fab27f1ac18dd290] root:650 - CONFIG: tools.response_headers.on (bool): True
2020-04-09 15:53:31,203 INFO [5e8f44fab27f1ac18dd290] root:650 - CONFIG: tools.sessions.httponly (bool): True
2020-04-09 15:53:31,203 INFO [5e8f44fab27f1ac18dd290] root:650 - CONFIG: tools.sessions.name (str): session_id_8000
2020-04-09 15:53:31,203 INFO [5e8f44fab27f1ac18dd290] root:650 - CONFIG: tools.sessions.on (bool): True
2020-04-09 15:53:31,203 INFO [5e8f44fab27f1ac18dd290] root:650 - CONFIG: tools.sessions.restart_persist (bool): True
2020-04-09 15:53:31,203 INFO [5e8f44fab27f1ac18dd290] root:650 - CONFIG: tools.sessions.secure (bool): False
2020-04-09 15:53:31,203 INFO [5e8f44fab27f1ac18dd290] root:650 - CONFIG: tools.sessions.storage_path (str): /opt/splunk/var/run/splunk
2020-04-09 15:53:31,203 INFO [5e8f44fab27f1ac18dd290] root:650 - CONFIG: tools.sessions.storage_type (str): file
2020-04-09 15:53:31,203 INFO [5e8f44fab27f1ac18dd290] root:650 - CONFIG: tools.sessions.timeout (int): 60
2020-04-09 15:53:31,203 INFO [5e8f44fab27f1ac18dd290] root:650 - CONFIG: tools.trailing_slash.on (bool): True
2020-04-09 15:53:31,203 INFO [5e8f44fab27f1ac18dd290] root:650 - CONFIG: trap_module_exceptions (bool): True
2020-04-09 15:53:31,203 INFO [5e8f44fab27f1ac18dd290] root:650 - CONFIG: trustedIP (str): 127.0.0.1
2020-04-09 15:53:31,203 INFO [5e8f44fab27f1ac18dd290] root:650 - CONFIG: ui_inactivity_timeout (int): 60
2020-04-09 15:53:31,203 INFO [5e8f44fab27f1ac18dd290] root:650 - CONFIG: updateCheckerBaseURL (str): https://quickdraw.splunk.com/js/
2020-04-09 15:53:31,203 INFO [5e8f44fab27f1ac18dd290] root:650 - CONFIG: use_future_expires (bool): True
2020-04-09 15:53:31,204 INFO [5e8f44fab27f1ac18dd290] root:650 - CONFIG: userRegistrationURL (str): https://www.splunk.com/page/sign_up
2020-04-09 15:53:31,204 INFO [5e8f44fab27f1ac18dd290] root:650 - CONFIG: verifyCookiesWorkDuringLogin (bool): True
2020-04-09 15:53:31,204 INFO [5e8f44fab27f1ac18dd290] root:650 - CONFIG: version_label (str): 6.5.0
2020-04-09 15:53:31,204 INFO [5e8f44fab27f1ac18dd290] root:650 - CONFIG: version_number (str): 6.5.0
2020-04-09 15:53:31,204 INFO [5e8f44fab27f1ac18dd290] root:650 - CONFIG: x_frame_options_sameorigin (bool): True
2020-04-09 15:53:31,204 INFO [5e8f44fab27f1ac18dd290] root:717 - DJANGO: configuring...
2020-04-09 15:53:31,326 INFO [5e8f44fab27f1ac18dd290] root:762 - DJANGO: not starting, found no apps
2020-04-09 15:53:31,327 INFO [5e8f44fab27f1ac18dd290] root:129 - ENGINE: Bus STARTING
2020-04-09 15:53:31,335 INFO [5e8f44fab27f1ac18dd290] root:129 - ENGINE: Started monitor thread '_TimeoutMonitor'.
2020-04-09 15:53:31,416 INFO [5e8f44fb697f1abf19c9d0] root:129 - ENGINE: Started monitor thread 'Monitor'.
2020-04-09 15:53:31,439 INFO [5e8f44fab27f1ac18dd290] root:129 - ENGINE: Serving on 127.0.0.1:8065
2020-04-09 15:53:31,439 INFO [5e8f44fab27f1ac18dd290] root:129 - ENGINE: Bus STARTED
[root@ip-10-160-161-135 splunk]# cat web_service.log

0 Karma

o_calmels
Communicator

Hi,

As port 8000 seems to be open, have you tried a curl command on the server itself, to check if the webserver is responding:
curl http://your.ip.adress:8000
If you get a response, the problem is not in the Splunk install; maybe firewalls somewhere?

0 Karma

richgalloway
SplunkTrust

Have you checked your firewall(s)?

---
If this reply helps you, an upvote would be appreciated.
0 Karma

abhinav_go
Engager

I am also facing the same issue, and got a response from the curl command. How can I check that my firewall(s) are not blocking?

0 Karma
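
One way to work through the firewall check raised in the replies above, as an added example that is not part of any poster's reply: it classifies the port 8000 listener from `ss -ltn` and compares it with firewalld's open ports. It assumes firewalld is the host firewall (the RHEL 7 default); the function names and sample outputs are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example, not from the thread; parsers take command output as text.

# Listener scope for a port from `ss -ltn`: all | loopback | specific:<addr> | none
listener_scope() {   # $1 = ss output, $2 = port
  printf '%s\n' "$1" | awk -v p="$2" '
    $1 == "LISTEN" {
      n = split($4, a, ":"); if (a[n] != p) next
      addr = substr($4, 1, length($4) - length(a[n]) - 1)
      if (addr == "*" || addr == "0.0.0.0" || addr == "::" || addr == "[::]") r = "all"
      else if (addr ~ /^127\./ || addr == "::1" || addr == "[::1]") { if (r == "") r = "loopback" }
      else if (r == "" || r == "loopback") r = "specific:" addr
    }
    END { print (r == "" ? "none" : r) }'
}

# True if <port>/tcp appears in `firewall-cmd --list-ports` (single port or range).
# Ports opened through a firewalld service or rich rule are not seen here.
port_allowed() {   # $1 = list-ports output, $2 = port
  for entry in $1; do
    [ "${entry##*/}" = "tcp" ] || continue
    range="${entry%/*}"
    [ "$2" -ge "${range%-*}" ] && [ "$2" -le "${range#*-}" ] && return 0
  done
  return 1
}

# One verdict from: ss output, `firewall-cmd --state`, list-ports output, port.
diagnose() {
  case "$(listener_scope "$1" "$4")" in
    none)     echo "not-listening"; return ;;
    loopback) echo "bound-to-loopback"; return ;;
  esac
  if [ "$2" = "running" ] && ! port_allowed "$3" "$4"; then
    echo "blocked-by-firewalld"
  else
    echo "host-ok-check-upstream"   # look at firewalls between client and server
  fi
}

# Constructed samples: Splunk Web on all interfaces, 8000/tcp never opened.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    *:8000             *:*
LISTEN 0      128    127.0.0.1:8065     *:*'
SAMPLE_PORTS='8089/tcp 9997/tcp'
# On the Splunk host, as root: ./check_splunk_web.sh live
if [ "${1:-}" = "live" ]; then
  diagnose "$(ss -ltn)" "$(firewall-cmd --state 2>&1)" "$(firewall-cmd --list-ports 2>/dev/null)" 8000
fi
```

If the verdict is `blocked-by-firewalld`, `firewall-cmd --permanent --add-port=8000/tcp` followed by `firewall-cmd --reload` opens the port on the host. A verdict of `host-ok-check-upstream` together with a working local curl points at a firewall outside the server.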