Splunk Cloud Platform
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

can't access web

winniew13
New Member
‎05-25-2017 05:27 AM 
Starting splunk server daemon (splunkd)...  
Done
                                                       [  OK  ]

Waiting for web server at http://127.0.0.1:8000 to be available... Done


If you get stuck, we're here to help.  
Look for answers here: http://docs.splunk.com

The Splunk web interface is at http://splunk:8000

however when i access http://splunk:8000 got an empty page, nothing come up. I tried the IP:8000 the same.
when i check the log, noticed the following

Failed to initialize http_proxy from server.conf for splunkd. Please make sure that the http_proxy property is set as 
http_proxy=http://host:port in case HTTP proxying needs to be enabled.

When I check the listne port to 8000, got nothing:
root@splunk ~]$ sudo ss -l | grep 8000
u_str LISTEN 0 100 private/verify 18000

what should I do now?
why it didnt listen to 8000?
I can ping the ip address but it seems the web app not accessible.

Thanks in advanced!

Winnie

Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

HQ5452
Explorer
‎05-31-2017 05:10 AM

Check your firewall server configuration maybe and verify that port 8000 is open :

firewall-cmd --zone=public --add-port=8000/tcp --permanent
firewall-cmd --reload

KR,

JB

View solution in original post

Reply
Solved! Jump to solution
Solution

HQ5452
Explorer
‎05-31-2017 05:10 AM

Check your firewall server configuration maybe and verify that port 8000 is open :

firewall-cmd --zone=public --add-port=8000/tcp --permanent
firewall-cmd --reload

KR,

JB

Reply
Solved! Jump to solution

winniew13
New Member
‎05-30-2017 08:10 PM

forgot about it. I got it works, I have to disable the firewall of my VM. thanks for your helps.

Cheer,

0 Karma
Reply
Solved! Jump to solution

Richfez
SplunkTrust
SplunkTrust
‎05-28-2017 06:47 PM

It looks like it's definately NOT listening on port 8000, so that proxy setting (or something) is messing it up.

Try checking $SPLUNK_HOME/etc/system/local/server.conf for "http_proxy" and erase those lines, if any.

Restart Splunk, then you can run the same netstat tests to see if something is now listening on port 8000 (and check logs, etc...)

If nothing still is, try this:

$ splunk btool server list --debug | grep -i proxy

In my case - no proxy - it gives me this list:

/opt/splunk/etc/system/default/server.conf                             alert_proxying = true
/opt/splunk/etc/system/default/server.conf                             async_replicate_on_proxy = true
/opt/splunk/etc/system/default/server.conf                             ra_proxying = true
/opt/splunk/etc/system/default/server.conf                             sid_proxying = true
/opt/splunk/etc/system/default/server.conf                             ss_proxying = true

Double-check there's no "http_proxy" line, and if there is it'll tell you WHERE it is so you can go whack it.

0 Karma
Reply
Solved! Jump to solution

winniew13
New Member
‎05-30-2017 07:26 PM

ok, get the following

[root@splunk bin]# ./splunk btool server list --debug | grep -i proxy
/opt/splunk/etc/system/default/server.conf                             alert_proxying = true
/opt/splunk/etc/system/default/server.conf                             async_replicate_on_proxy = true
/opt/splunk/etc/system/default/server.conf                             ra_proxying = true
/opt/splunk/etc/system/default/server.conf                             sid_proxying = true
/opt/splunk/etc/system/default/server.conf                             ss_proxying = true

 ./splunk start
splunkd 2305 was not running.
Stopping splunk helpers...
                                                           [  OK  ]
Done.
Stopped helpers.
Removing stale pid file... done.

Splunk> Finding your faults, just like mom.

Checking prerequisites...
    Checking http port [8000]: open
    Checking mgmt port [8089]: open
    Checking appserver port [127.0.0.1:8065]: open
    Checking kvstore port [8191]: open
    Checking configuration...  Done.
    Checking critical directories...    Done
    Checking indexes...
        Validated: _audit _internal _introspection _telemetry _thefishbucket history main summary
    Done
    Checking filesystem compatibility...  Done
    Checking conf files for problems...
    Done
    Checking default conf files for edits...
    Validating installed files against hashes from '/opt/splunk/splunk-6.6.0-1c4f3bbe1aea-linux-2.6-x86_64-manifest'
    All installed files intact.
    Done
All preliminary checks passed.

Starting splunk server daemon (splunkd)...  
Done
                                                           [  OK  ]

Waiting for web server at http://127.0.0.1:8000 to be available... Done


If you get stuck, we're here to help.  
Look for answers here: http://docs.splunk.com

The Splunk web interface is at http://splunk:8000

[root@splunk bin]# sudo ss -l | grep 8000
[root@splunk bin]# hostname
splunk
[root@splunk bin]#

any idea?

0 Karma
Reply
Solved! Jump to solution

winniew13
New Member
‎05-29-2017 10:43 PM

I didn't touch any those .conf file, so they all default

[root@splunk ~]# splunk btool server list --debug | grep -i proxy
-bash: splunk: command not found
[root@splunk ~]# cd /opt/splunk
[root@splunk splunk]# splunk btool server list --debug | grep -i proxy
-bash: splunk: command not found
[root@splunk splunk]#

0 Karma
Reply
Solved! Jump to solution

Richfez
SplunkTrust
SplunkTrust
‎05-30-2017 05:12 AM

For Linux, you almost had it. 🙂

cd /opt/splunk/bin
./splunk btool server list --debug | grep -i proxy

I should have thought to include the default path in there.

0 Karma
Reply
Solved! Jump to solution

winniew13
New Member
‎05-28-2017 01:41 PM

tcp LISTEN 0 128 :ssh *:

tcp LISTEN 0 128 :8089 *:

tcp LISTEN 0 100 127.0.0.1:smtp :

tcp LISTEN 0 128 :8191 *:

tcp LISTEN 0 128 :irdmi *:

tcp LISTEN 0 100 127.0.0.1:8065 :

tcp LISTEN 0 128 :::ssh :::*

tcp LISTEN 0 100 ::1:smtp :::*

port number tag is missing or 0 the server will NOT start an http listener

this is the port used for both SSL and non-SSL (we only have 1 port now).

httpport = 8000

this determines whether to start SplunkWeb in http or https.

enableSplunkWebSSL = false

location of splunkd; don't include http[s]:// in this anymore.

mgmtHostPort = 127.0.0.1:8089

list of ports to start python application servers on (although usually

one port is enough) Set to 0 to instead run the application server

directly as the web front end on 'httpport', separate from splunkd.

appServerPorts = 8065

I have tried both localhost and my ipaddress or splunk none of them working. what should be the exact url i need to access?
I have mapping my ip in to the etc/hosts file

0 Karma
Reply
Solved! Jump to solution

winniew13
New Member
‎05-28-2017 01:39 PM 
port number tag is missing or 0 the server will NOT start an http listener
# this is the port used for both SSL and non-SSL (we only have 1 port now).
httpport = 8000

# this determines whether to start SplunkWeb in http or https.
enableSplunkWebSSL = false

# location of splunkd; don't include http[s]:// in this anymore.
mgmtHostPort = 127.0.0.1:8089

# list of ports to start python application servers on (although usually
# one port is enough)  Set to 0 to instead run the application server
# directly as the web front end on 'httpport', separate from splunkd.
appServerPorts = 8065

And this is the listening ports

tcp    LISTEN     0      128     *:ssh                   *:*                    
tcp    LISTEN     0      128     *:8089                  *:*                    
tcp    LISTEN     0      100    127.0.0.1:smtp                  *:*                    
tcp    LISTEN     0      128     *:8191                  *:*                    
tcp    LISTEN     0      128     *:irdmi                 *:*                    
tcp    LISTEN     0      100    127.0.0.1:8065                  *:*                    
tcp    LISTEN     0      128    :::ssh                  :::*                    
tcp    LISTEN     0      100       ::1:smtp                 :::*
0 Karma
Reply
Solved! Jump to solution

winniew13
New Member
‎05-27-2017 10:19 AM

It's cents on vbox

0 Karma
Reply
Solved! Jump to solution

adonio
Ultra Champion
‎05-25-2017 07:05 AM

do you need to use a proxy?
if so, check here:
https://docs.splunk.com/Documentation/Splunk/6.6.0/Admin/ConfigureSplunkforproxy

0 Karma
Reply
Solved! Jump to solution

winniew13
New Member
‎05-25-2017 05:25 PM

no, i dont need to, just wonder why i can't access web app at 8000, nothing there? seems not running. how to make it works?

0 Karma
Reply
Solved! Jump to solution

adonio
Ultra Champion
‎05-26-2017 09:37 AM

try localhost:8000
also try to navigate to $SPLUNK_HOME/etc/system/default/web.conf and look for:
httpport = 8000
verify this is the port
is this a windows or linux install?

0 Karma
Reply
Get Updates on the Splunk Community!

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

You’ve probably heard the latest about AppDynamics joining the Splunk Observability portfolio, deepening our ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

As we’ve seen, integrating Kubernetes environments with Splunk Observability Cloud is a quick and easy way to ...

Cloud Platform & Enterprise: Classic Dashboard Export Feature Deprecation

As of Splunk Cloud Platform 9.3.2408 and Splunk Enterprise 9.4, classic dashboard export features are now ...