I just installed Splunk for the first time. When trying to open Splunk (localhost:8000) it just fails and I get an "HTTP Error 404. The requested resource is not found." error.
After searching for answers to this problem, I found this http://answers.splunk.com/answers/58888/what-are-the-ports-that-i-need-to-open.html and opened all the ports mentioned, yet I still get that error.
I use Windows 8.
Where else could the problem be and how can I solve it?
Upon suggestion whether the services are started:
Splunkd is running but while trying to start splunkweb I receive "Error 1053: The service did not respond to the start or control request in a timely fashion." Then I searched for it and found http://answers.splunk.com/answers/103302/splunkweb-service-is-not-being-started.html (he has the exact same problem) but unfortunately again only the Splunkd service starts. Also the description at the service states "splunkweb (legacy purposes only): The splunkweb service, which handled all Splunk Web operations and sent requests to the splunkd service, has been disabled stating in Splunk 6.2. The splunkd service now handles all Splunk Enterprise services in normal operation. On Windows, the splunkweb service installs, but does not run by default." So I try to start in legacy mode (http://docs.splunk.com/Documentation/Splunk/6.2.0/Admin/StartSplunk#Start_Splunk_Enterprise_on_Windo...), now the splunkweb service is running indeed but when opening splunk I still get the same 404 error.
Thanks in advance!
@pranzm, Check from Task Manager whether port number 8000 is available.
You can also try starting splunk from command prompt which will show you underlying steps that Splunk performs and before launching Splunk it also check for whether Port 8000 is available or not.
netstat -ao |findstr 8000
The above will give you the PID of the process that is using it
tasklist /FI "PID eq xxxx" (where xxxx = PID from command above)
The above will give you the process that is using the port.
C:\Users\user>netstat -ao| findstr 8000 TCP 0.0.0.0:8000 computerName:0 LISTENING 3832 C:\Users\user>tasklist /FI "PID eq 3832" Image Name PID Session Name Session# Mem Usage ========================= ======== ================ =========== ============ splunkd.exe 3832 Services 0 112,080 K
This is not how things work in this community. You don't just downvote people's questions because it didn't specifically cater to your issue. How is it other people's fault that the issue they posted 1 year ago wasn't directly related to one person's problem today? You're not going to downvote every single question on here that isn't related to what you're looking for right? You should only downvote people's questions, answers, or comments if whatever they are suggesting in their content is not best practice/could possibly break something in other users' environments.
Please refer to this post on how voting etiquette works in this community forum:
I'm sorry for my misunderstanding here. I just wanted to remove the vote I accidentally placed thinking it was the same issue i was facing. I accept my mistake was unaware of the usage. I have corrected it now
No worries, thank you for coming back to follow up with this so quickly. I (and the rest of the Splunk Community) appreciate it 🙂 I hope you find a solution for your Cisco Security Suite question soon!
Sounds like you are misconfigured somewhere.
$SPLUNK_HOME/bin/splunk cmd btool web list --debug | grep 800
$SPLUNK_HOME is where you installed Splunk. Look for the port setting for 800 and make sure it is set right. The command above will show you where the configuration is coming from.
The second thing to check is permissions. Make sure that the entire
$SPLUNK_HOME folder is owned with group of the user running Splunk. Assuming your are using user
splunk, you can do this:
chown -R splunk: $SPLUNK_HOME
Hi, thanks for your answer. I used the first command (
findstr instead of grep since I use Windows 😎 . It says it's in the etc\system\local\web.conf httpport = 8000. Which is the file I changed (see begin post) in order to get splunkweb to run, so that does makes sense. Then I started splunk manually in my command prompt. It says that port 8000 is already bound and I had to input another port and when go to that other port Splunk is indeed working. When I check for port 8000 it seems that PID is 4 which means port 8000 is listening to System. I know for sure that this port was open before I was doing that splunkweb legacy mode thing because
splunk.exe start worked without command prompt asking for another port. Stopped all apps but no success, I'll just give up and use port 8001 instead.
Sorry for the late reply. After following the tutorial to use in legacy mode I changed the content of the web.conf to port 8000. The one in the local folder was directing to port 8001. It still didn't work. But I check localhost:8001 and there it was! It's strange because still everything is set to 8000. I don't know where else (other than the local web.conf file that at first was directing to 8001) it says to go to 8001 instead of 8000. So it solved partially. As the Splunk shortcut still goes to localhost:8000 and I don't know in which file I can see where else 8001 is stated.
Thanks for this. Changing to 8001 worked for me. Hope this helps other people.
I changed the web.conf file to point at 8000 and restarted the service. It said that port 8000 was being used by another service.