Security

The Splunk web interface is not opening (RHEL 7.x server using sudo root access).

splunking100
New Member

I’ve installed a splunk entreprise (evaluation) in RHEL 7.x server using sudo root access.
But The Splunk web interface is not opening.

Please help.
I tried below options:
a. Export SPLUNK_HOME Path
b. Restarted the splunk services
c. verified : Ports 8000 / 8089 are open

---from Terminal-------

sh-4.2# pwd
/opt/splunk/bin
sh-4.2# ./splunk restart
Stopping splunkd...
Shutting down. Please wait, as this may take a few minutes.
[ OK ]
Stopping splunk helpers...
[ OK ]
Done.
Splunk> Like an F-18, bro.
Checking prerequisites...
Checking http port [8000]: open
Checking mgmt port [8089]: open
Checking appserver port [127.0.0.1:8065]: open
Checking kvstore port [8191]: open
Checking configuration... Done.
Checking critical directories... Done
Checking indexes...
Validated: _audit _internal _introspection _telemetry _thefishbucket history main summary
Done
Checking filesystem compatibility... Done
Checking conf files for problems...
Done
Checking default conf files for edits...
Validating installed files against hashes from '/opt/splunk/splunk-7.2.6-c0bf0f679ce9-linux-2.6-x86_64-manifest'
All installed files intact.
Done
All preliminary checks passed.
Starting splunk server daemon (splunkd)...
Done
[ OK ]
Waiting for web server at http://127.0.0.1:8000 to be available..... Done
If you get stuck, we're here to help.
Look for answers here: http://docs.splunk.com
The Splunk web interface is at http://************:8000

Labels (1)
Tags (1)
0 Karma

burakcinar
Path Finder

hi,
could you share content of /opt/splunk/var/log/splunk/web_service.log ?

0 Karma

ppanchal
Path Finder

I am also facing the same issue. Here are contents from web_service.log.

Please help.

2020-04-09 15:52:19,659 INFO [5e8f3268e07ff3e57fe250] root:129 - ENGINE: Caught signal SIGTERM.
2020-04-09 15:52:19,659 INFO [5e8f3268e07ff3e57fe250] root:129 - ENGINE: Bus STOPPING
2020-04-09 15:52:20,025 INFO [5e8f3268e07ff3e57fe250] root:129 - ENGINE: HTTP Server cherrypy.cpwsgi_server.CPWSGIServer(('127.0.0.1', 8065)) shut down
2020-04-09 15:52:20,042 INFO [5e8f3268e07ff3e57fe250] root:129 - ENGINE: Stopped thread 'Monitor'.
2020-04-09 15:52:20,060 INFO [5e8f3268e07ff3e57fe250] root:129 - ENGINE: Stopped thread '_TimeoutMonitor'.
2020-04-09 15:52:20,060 INFO [5e8f3268e07ff3e57fe250] root:129 - ENGINE: Bus STOPPED
2020-04-09 15:52:20,060 INFO [5e8f3268e07ff3e57fe250] root:129 - ENGINE: Bus EXITING
2020-04-09 15:52:20,060 INFO [5e8f3268e07ff3e57fe250] root:129 - ENGINE: Bus EXITED
2020-04-09 15:52:20,060 INFO [5e8f3268e07ff3e57fe250] root:129 - ENGINE: Waiting for child threads to terminate...
2020-04-09 15:53:30,757 INFO [5e8f44fab27f1ac18dd290] __init
:168 - Using default logging config file: /opt/splunk/etc/log.cfg
2020-04-09 15:53:30,758 INFO [5e8f44fab27f1ac18dd290] __init
:206 - Setting logger=splunk level=INFO
2020-04-09 15:53:30,758 INFO [5e8f44fab27f1ac18dd290] __init
:206 - Setting logger=splunk.appserver level=INFO
2020-04-09 15:53:30,758 INFO [5e8f44fab27f1ac18dd290] __init
:206 - Setting logger=splunk.appserver.controllers level=INFO
2020-04-09 15:53:30,758 INFO [5e8f44fab27f1ac18dd290] __init
:206 - Setting logger=splunk.appserver.controllers.proxy level=INFO
2020-04-09 15:53:30,758 INFO [5e8f44fab27f1ac18dd290] __init
:206 - Setting logger=splunk.appserver.lib level=WARN
2020-04-09 15:53:30,758 INFO [5e8f44fab27f1ac18dd290] __init
_:206 - Setting logger=splunk.pdfgen level=INFO
2020-04-09 15:53:31,114 INFO [5e8f44fab27f1ac18dd290] lists:59 - List controller loaded: EntitiesListGenerator
2020-04-09 15:53:31,114 INFO [5e8f44fab27f1ac18dd290] lists:65 - Setting lists/entities
2020-04-09 15:53:31,114 INFO [5e8f44fab27f1ac18dd290] lists:59 - List controller loaded: JobsListGenerator
2020-04-09 15:53:31,114 INFO [5e8f44fab27f1ac18dd290] lists:65 - Setting lists/jobs
2020-04-09 15:53:31,119 INFO [5e8f44fab27f1ac18dd290] root:266 - Proxied mode ip_address=127.0.0.1 port=8065 exposed_port=8000:
2020-04-09 15:53:31,198 INFO [5e8f44fab27f1ac18dd290] root:650 - CONFIG: mgmtHostPort (str): 127.0.0.1:8089
2020-04-09 15:53:31,200 INFO [5e8f44fab27f1ac18dd290] root:650 - CONFIG: server.max_request_body_size (int): 524288000
2020-04-09 15:53:31,200 INFO [5e8f44fab27f1ac18dd290] root:650 - CONFIG: server.socket_host (str): 127.0.0.1
2020-04-09 15:53:31,200 INFO [5e8f44fab27f1ac18dd290] root:650 - CONFIG: server.socket_port (int): 8065
2020-04-09 15:53:31,200 INFO [5e8f44fab27f1ac18dd290] root:650 - CONFIG: serverCert (str): $SPLUNK_HOME/etc/auth/splunkweb/cert.pem
2020-04-09 15:53:31,200 INFO [5e8f44fab27f1ac18dd290] root:650 - CONFIG: serverName (str): ip-10-160-161-135.wm.com
2020-04-09 15:53:31,201 INFO [5e8f44fab27f1ac18dd290] root:650 - CONFIG: server_pooling_storage (str):
2020-04-09 15:53:31,201 INFO [5e8f44fab27f1ac18dd290] root:650 - CONFIG: showProductMenu (bool): False
2020-04-09 15:53:31,201 INFO [5e8f44fab27f1ac18dd290] root:650 - CONFIG: showUserMenuProfile (bool): False
2020-04-09 15:53:31,201 INFO [5e8f44fab27f1ac18dd290] root:650 - CONFIG: simple_error_page (bool): False
2020-04-09 15:53:31,201 INFO [5e8f44fab27f1ac18dd290] root:650 - CONFIG: site_packages_path (str): /opt/splunk/lib/python2.7/site-packages

2020-04-09 15:53:31,201 INFO [5e8f44fab27f1ac18dd290] root:650 - CONFIG: splunkdConnectionTimeout (int): 30
2020-04-09 15:53:31,201 INFO [5e8f44fab27f1ac18dd290] root:650 - CONFIG: splunkdTrustedIP (NoneType): None
2020-04-09 15:53:31,201 INFO [5e8f44fab27f1ac18dd290] root:650 - CONFIG: sslVersions (str): ssl3, tls
2020-04-09 15:53:31,201 INFO [5e8f44fab27f1ac18dd290] root:650 - CONFIG: start_time (float): 1586447611.19
2020-04-09 15:53:31,201 INFO [5e8f44fab27f1ac18dd290] root:650 - CONFIG: startwebserver (int): 1
2020-04-09 15:53:31,201 INFO [5e8f44fab27f1ac18dd290] root:650 - CONFIG: staticAssetId (str): D57E47082B0454004F85C8AB503D7A8366A7AF9009AF73B5B96D04AC031B5081
2020-04-09 15:53:31,201 INFO [5e8f44fab27f1ac18dd290] root:650 - CONFIG: staticCompressionLevel (int): 9
2020-04-09 15:53:31,201 INFO [5e8f44fab27f1ac18dd290] root:650 - CONFIG: static_dir (str): share/splunk/search_mrsparkle/exposed
2020-04-09 15:53:31,195 INFO [5e8f44fab27f1ac18dd290] root:650 - CONFIG: error_page.default (instancemethod): >
2020-04-09 15:53:31,195 INFO [5e8f44fab27f1ac18dd290] root:650 - CONFIG: error_page.default (instancemethod): >
2020-04-09 15:53:31,201 INFO [5e8f44fab27f1ac18dd290] root:650 - CONFIG: static_endpoint (str): /static
2020-04-09 15:53:31,202 INFO [5e8f44fab27f1ac18dd290] root:650 - CONFIG: staticdir (str): /opt/splunk/share/splunk/search_mrsparkle/exposed
2020-04-09 15:53:31,202 INFO [5e8f44fab27f1ac18dd290] root:650 - CONFIG: template_dir (str): share/splunk/search_mrsparkle/templates
2020-04-09 15:53:31,202 INFO [5e8f44fab27f1ac18dd290] root:650 - CONFIG: testing_dir (str): share/splunk/testing
2020-04-09 15:53:31,202 INFO [5e8f44fab27f1ac18dd290] root:650 - CONFIG: testing_endpoint (str): /testing
2020-04-09 15:53:31,202 INFO [5e8f44fab27f1ac18dd290] root:650 - CONFIG: tools.csrfcookie.name (str): splunkweb_csrf_token_8000
2020-04-09 15:53:31,202 INFO [5e8f44fab27f1ac18dd290] root:650 - CONFIG: tools.csrfcookie.port (str): 8000
2020-04-09 15:53:31,202 INFO [5e8f44fab27f1ac18dd290] root:650 - CONFIG: tools.decode.on (bool): True
2020-04-09 15:53:31,202 INFO [5e8f44fab27f1ac18dd290] root:650 - CONFIG: tools.encode.encoding (str): utf-8
2020-04-09 15:53:31,202 INFO [5e8f44fab27f1ac18dd290] root:650 - CONFIG: tools.encode.on (bool): True
2020-04-09 15:53:31,202 INFO [5e8f44fab27f1ac18dd290] root:650 - CONFIG: tools.log_headers.on (bool): True
2020-04-09 15:53:31,202 INFO [5e8f44fab27f1ac18dd290] root:650 - CONFIG: tools.log_tracebacks.on (bool): True
2020-04-09 15:53:31,202 INFO [5e8f44fab27f1ac18dd290] root:650 - CONFIG: tools.response_headers.headers (list): [('Server', 'Splunk')]
2020-04-09 15:53:31,202 INFO [5e8f44fab27f1ac18dd290] root:650 - CONFIG: tools.response_headers.on (bool): True
2020-04-09 15:53:31,203 INFO [5e8f44fab27f1ac18dd290] root:650 - CONFIG: tools.sessions.httponly (bool): True
2020-04-09 15:53:31,203 INFO [5e8f44fab27f1ac18dd290] root:650 - CONFIG: tools.sessions.name (str): session_id_8000
2020-04-09 15:53:31,203 INFO [5e8f44fab27f1ac18dd290] root:650 - CONFIG: tools.sessions.on (bool): True
2020-04-09 15:53:31,203 INFO [5e8f44fab27f1ac18dd290] root:650 - CONFIG: tools.sessions.restart_persist (bool): True
2020-04-09 15:53:31,203 INFO [5e8f44fab27f1ac18dd290] root:650 - CONFIG: tools.sessions.secure (bool): False
2020-04-09 15:53:31,203 INFO [5e8f44fab27f1ac18dd290] root:650 - CONFIG: tools.sessions.storage_path (str): /opt/splunk/var/run/splunk
2020-04-09 15:53:31,203 INFO [5e8f44fab27f1ac18dd290] root:650 - CONFIG: tools.sessions.storage_type (str): file
2020-04-09 15:53:31,203 INFO [5e8f44fab27f1ac18dd290] root:650 - CONFIG: tools.sessions.timeout (int): 60
2020-04-09 15:53:31,203 INFO [5e8f44fab27f1ac18dd290] root:650 - CONFIG: tools.trailing_slash.on (bool): True
2020-04-09 15:53:31,203 INFO [5e8f44fab27f1ac18dd290] root:650 - CONFIG: trap_module_exceptions (bool): True
2020-04-09 15:53:31,203 INFO [5e8f44fab27f1ac18dd290] root:650 - CONFIG: trustedIP (str): 127.0.0.1
2020-04-09 15:53:31,203 INFO [5e8f44fab27f1ac18dd290] root:650 - CONFIG: ui_inactivity_timeout (int): 60
2020-04-09 15:53:31,203 INFO [5e8f44fab27f1ac18dd290] root:650 - CONFIG: updateCheckerBaseURL (str): https://quickdraw.splunk.com/js/
2020-04-09 15:53:31,203 INFO [5e8f44fab27f1ac18dd290] root:650 - CONFIG: use_future_expires (bool): True
2020-04-09 15:53:31,204 INFO [5e8f44fab27f1ac18dd290] root:650 - CONFIG: userRegistrationURL (str): https://www.splunk.com/page/sign_up
2020-04-09 15:53:31,204 INFO [5e8f44fab27f1ac18dd290] root:650 - CONFIG: verifyCookiesWorkDuringLogin (bool): True
2020-04-09 15:53:31,204 INFO [5e8f44fab27f1ac18dd290] root:650 - CONFIG: version_label (str): 6.5.0
2020-04-09 15:53:31,204 INFO [5e8f44fab27f1ac18dd290] root:650 - CONFIG: version_number (str): 6.5.0
2020-04-09 15:53:31,204 INFO [5e8f44fab27f1ac18dd290] root:650 - CONFIG: x_frame_options_sameorigin (bool): True
2020-04-09 15:53:31,204 INFO [5e8f44fab27f1ac18dd290] root:717 - DJANGO: configuring...
2020-04-09 15:53:31,326 INFO [5e8f44fab27f1ac18dd290] root:762 - DJANGO: not starting, found no apps
2020-04-09 15:53:31,327 INFO [5e8f44fab27f1ac18dd290] root:129 - ENGINE: Bus STARTING
2020-04-09 15:53:31,335 INFO [5e8f44fab27f1ac18dd290] root:129 - ENGINE: Started monitor thread '_TimeoutMonitor'.
2020-04-09 15:53:31,416 INFO [5e8f44fb697f1abf19c9d0] root:129 - ENGINE: Started monitor thread 'Monitor'.
2020-04-09 15:53:31,439 INFO [5e8f44fab27f1ac18dd290] root:129 - ENGINE: Serving on 127.0.0.1:8065
2020-04-09 15:53:31,439 INFO [5e8f44fab27f1ac18dd290] root:129 - ENGINE: Bus STARTED
[root@ip-10-160-161-135 splunk]# cat web_service.log

0 Karma

o_calmels
Communicator

Hi,

As port 8000 seams to be open, had you tried curl command on the server himself, to check if the webserver is responding:
curl http://your.ip.adress:8000
If you get response, the problem is not on splunk install, maybe firewalls anywhere ?

0 Karma

richgalloway
SplunkTrust
SplunkTrust

Have you checked your firewall(s)?

---
If this reply helps you, Karma would be appreciated.
0 Karma

abhinav_go
Explorer

I am also facing same issue. and got response from curl command.How can i check my firewall(s) if that is not blocking? 

0 Karma
Get Updates on the Splunk Community!

.conf24 | Day 0

Hello Splunk Community! My name is Chris, and I'm based in Canberra, Australia's capital, and I travelled for ...

Enhance Security Visibility with Splunk Enterprise Security 7.1 through Threat ...

 (view in My Videos)Struggling with alert fatigue, lack of context, and prioritization around security ...

Troubleshooting the OpenTelemetry Collector

  In this tech talk, you’ll learn how to troubleshoot the OpenTelemetry collector - from checking the ...