i have installed ES 4.7 and it took long time to get installed (left it running last evening and this morning ES was up and running). pending restart. i restarted splunk but after that splunk web is not accessible.
same was happening when i tried installing ES 5(known issue) yesterday but then i removed that and fell back on more stable (IMO) ES4.7 version. Now my splunk web is not accessing on https any idea how to fix this
$INSTALL/var/log/splunk/splunkd.log says -
04-19-2018 10:08:03.390 +0400 WARN HttpListener - Socket error from 10.1.23.202 while idling: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
There are rw permissions to splunk (user) on /opt/splunk/etc/myinstall/splunkd.xml .
what's your splunk version ?
it seems there are some known issues for SSL .
[sslConfig] sslVersions = *,-ssl2 sslVersionsForClient = *,-ssl2 cipherSuite = TLSv1+HIGH:TLSv1.2+HIGH:@STRENGTH
@burakcinar, The splunk version is splunk Enterprise 7.0.2 and ES version is 4.7
I have added your shared configs in my /system/local/server.conf and restarted splunk but that didnt bring the web accessible. Could you suggest something else.