Solved: Re: How to operate Splunk in a standalone environm...

mrglover · ‎02-02-2016

Just installed Splunk on a standalone PC. Upon launching the application, a web-browser opens, where it is trying to access the web. Since this is a standalone PC, there is no connection to the outside via a web-browser. Is there a way I can utilize Splunk on a standalone system to simply perform automatic auditing, or did I buy something that I cannot use?

anshu · ‎02-02-2016

You can definitely run Splunk in a standalone environment. The following are some features that Splunk needs an internet connection for, but they are mandatory to use the software:

The Splunk login page checks for available updates to Splunk
You can browse and install apps from Splunkbase within the "Manage Apps" page.

For item 1, you can disable the update check in web.conf by setting "updateCheckerBaseURL = 0"

View solution in original post

lguinn2 · ‎02-02-2016

Splunk "phones home" to see if there is a new release available. Otherwise, it does not need network access in order to run; it will still start even if there is no connection to the Internet.

The Splunk user interface is browser-based. All that means is that you use a web browser (Firefox, etc.) to access the Splunk user interface. By default, Splunk is set to use port 8000 when it is installed. Therefore, you should be able to do this: open firefox and enter localhost:8000 as the address. The Splunk login screen should appear.

mrglover · ‎02-03-2016

I have tried with both Http://localhost:8000 and Https://localhost:8000 and I get the generic "Internet Explorer cannot display this page error". Could the problem be caused by the fact that I am using Internet Explorer, even though the documentation states that Internet Explorer is supported as a browser?

ggb667 · ‎10-29-2019

Apparently you need an HTML 5 version of IE.

wpreston · ‎02-03-2016

What version of Internet Explorer are you using?

mrglover · ‎02-03-2016

Internet Explorer 8

anshu · ‎02-02-2016

You can definitely run Splunk in a standalone environment. The following are some features that Splunk needs an internet connection for, but they are mandatory to use the software:

The Splunk login page checks for available updates to Splunk
You can browse and install apps from Splunkbase within the "Manage Apps" page.

For item 1, you can disable the update check in web.conf by setting "updateCheckerBaseURL = 0"

mrglover · ‎02-10-2016

Thanks that worked. Upgraded to IE11 and was able to login without issues.

mrglover · ‎02-03-2016

Tried this and got a little further in the process. I now get a webpage with Http: (or https:)//localhost:8000 and the error " internet explorer cannot display the webpage. Could the problem be the fact that I am using Internet Explorer as my default browser, even though the documentation states that Internet Explorer is supported?

anshu · ‎02-03-2016

I'm not sure as I haven't tested using Splunk with IE8, but assuming you downloaded the latest version of Splunk, which is 6.3.2, IE8 is not supported. The last version to support IE8 was 6.0.x.

http://docs.splunk.com/Documentation/Splunk/6.3.2/Installation/Systemrequirements#Supported_browsers

If IE8 is a requirement for you then you can find older releases of Splunk here: http://www.splunk.com/page/previous_releases

I would ensure compatibility between the version of Splunk you are using and the version of your browser first, before troubleshooting further.

How to operate Splunk in a standalone environment?

Splunk Enterprise Security 8.0.2 Availability: On cloud and On-premise!

Logs to Metrics

Developer Spotlight with Paul Stout