Splunk Enterprise

Cannot get into webUI, tried everything I can think of

antrovira
Loves-to-Learn

Hello,

 

I am attempting to install Splunk on a fresh install of an Ubuntu Server 20 VM. This VM is on ESXi, with a pfSense VM running to route traffic, and a few other VMs to create a malware analysis lab. My issue right now is that I cannot seem to get into the web interface for Splunk Enterprise.

I have tried several things: I have made sure that Splunk is running on port 8000 and listening, I have disabled iptables, added a pass-everything rule on each of my pfSense interfaces, ensured that it is started, the status says that it started correctly, and there are no errors in the log files. I am currently able to ping from the VM that Splunk is on to my laptop, but am not able to ping from my laptop to my VM. I can open any of the other VMs.

I opened Wireshark and attempted to look at what was happening, and it seems that when I send a ping to the laptop from the Splunk VM, it comes through to my laptop successfully. When I send it from my laptop to the VM, it does not get any response and keeps retrying the packets.
Can anyone help?

0 Karma

gbeatty
Path Finder

Are you able to telnet to port 8000 on the Splunk server? Are you able to connect to any other ports? I am assuming yes. Additionally, if it is a fresh install of Splunk Enterprise then HTTPS is likely disabled. If your browser is automatically rerouting all requests to HTTPS, you may not be able to connect. Turn off anything like HTTPS Everywhere or any applicable browser settings and try to reach the HTTP page explicitly. Lastly, my experience with Splunk on Ubuntu is that it comes with UFW enabled and not iptables. Have you double-checked there isn't another host-based firewall?

Apologies if these seem simple, but you've already done a lot of the troubleshooting steps that I would perform.

0 Karma
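
A small probe for the checks suggested in the reply above, added here as an example and not part of the original thread: it performs the equivalent of the telnet test against port 8000 and then tells HTTPS from plain HTTP. The name `probe_web_port` and the hint texts are this example's own; run it from the machine that cannot reach the web UI, passing the server's address.

```python
import socket
import ssl
import sys

# Next step for each result (wording is this example's own, not Splunk output).
HINTS = {
    "timeout": "no reply: packets dropped or no return path; check UFW and the firewall/router in between",
    "refused": "host answered but nothing accepts connections here; check the bind address and port",
    "unreachable": "no route to the host, or the name did not resolve",
    "https": "TLS is enabled; use https://",
    "http": "plain HTTP works; use http:// explicitly and turn off forced-HTTPS browser settings",
    "open-unknown": "port is open but speaks neither TLS nor HTTP",
}

def probe_web_port(host, port=8000, timeout=3.0):
    """Return one of the HINTS keys describing how host:port responds."""
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except socket.timeout:
        return "timeout"      # SYN went unanswered (silently filtered or lost)
    except ConnectionRefusedError:
        return "refused"      # RST came back: the host itself is reachable
    except OSError:
        return "unreachable"
    ctx = ssl.create_default_context()
    ctx.check_hostname = False       # reachability check only; a lab box may
    ctx.verify_mode = ssl.CERT_NONE  # present a self-signed certificate
    try:
        with ctx.wrap_socket(raw, server_hostname=host):
            return "https"
    except OSError:           # ssl.SSLError is a subclass of OSError
        raw.close()
    # TLS handshake failed: retry on a fresh connection with plain HTTP.
    try:
        with socket.create_connection((host, port), timeout=timeout) as plain:
            plain.sendall(b"HEAD / HTTP/1.0\r\nHost: " + host.encode() + b"\r\n\r\n")
            if plain.recv(16).startswith(b"HTTP/"):
                return "http"
    except OSError:
        pass
    return "open-unknown"

if __name__ == "__main__":
    target = sys.argv[1]  # address of the Splunk server
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 8000
    result = probe_web_port(target, port)
    print(f"{target}:{port} {result} -> {HINTS[result]}")
```

A `timeout` result points at filtering or routing between the two machines, while `refused` means the packets arrive and the problem is on the server itself.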

antrovira
Loves-to-Learn

I have tried to telnet from my laptop to the Splunk machine and cannot do so. However, I can telnet and ping out to my laptop from the Splunk machine. The UFW is disabled (double-checked), and this is a fresh install with nothing else configured. Straight up, dpkg -i "filename" install with nothing done except these tests to check what the issue is.

Any other suggestions?

0 Karma