I have a Search Head Splunk running and I can not see the web interface of this, however when reviewing the settings I can see that the service is running and I do not see problems at port 8000 level. This machine is a Centos 7.
[root@localhost bin]# ./splunk status splunkd is running (PID: 3206). splunk helpers are running (PIDs: 3207 3276 3374 3586 3593 3933 3938 3946 3952 3967 3969 3991 4006 4035 4038 4067 4087 4132 4216 4245 4289 19936 21863 29673 31326 37186 37220 38675 38761 39270 39273 39276 39284 40312). [root@localhost bin]# [root@localhost ~]# netstat -anpt |grep -e 8000 tcp 0 0 0.0.0.0:8000 0.0.0.0:* LISTEN 3206/splunkd tcp 0 1 10.10.9.50:8000 192.168.150.28:47232 FIN_WAIT1 - tcp 0 0 10.10.9.50:8000 10.10.12.232:65198 ESTABLISHED 3206/splunkd tcp 0 0 10.10.9.50:8000 192.168.150.28:47946 ESTABLISHED 3206/splunkd tcp 0 1 10.10.9.50:8000 192.168.150.28:47172 FIN_WAIT1 - tcp 0 0 10.10.9.50:8000 192.168.150.28:48044 ESTABLISHED 3206/splunkd [root@localhost ~]# firewall-cmd --list-all FirewallD is not running
Are you trying to reach the Splunk web interface from the same system where Splunk is running or from another system?
If you are trying to reach the web UI from another client, check that you can ping the Splunk server:
Also check if iptables is blocking incoming connections:
sudo iptables -L
Hello, Thanks for your Answer
I'm trying to join Splunk from another system.
At the connectivity level, I have an answer when I ping from the system.
This is the result of iptables command:
[root@localhost /]# iptables -L Chain INPUT (policy ACCEPT) target prot opt source destination Chain FORWARD (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination
What is the exact error message in your web browser? Are you getting a timeout?
Your iptables looks fine.
Here are some more ideas:
If you have HTTPS in Splunk enabled, use https://.. instead of http://..
Try it on a different web browser. Perhaps you have a web proxy configured.
If you are running Splunk as root user, you could change the port from 8000 to 80 and see if that helps.
Test the web connection on your Splunk server: curl http://127.0.0.1:8000. It if is working correctly then you should see something like "The resource has moved temporarily