Splunk Enterprise
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Changing server IP from 127.0.0.1 to 192.168.0.100

rishipsk1
Observer
‎03-14-2025 08:05 PM

I have started using splunk very recently and I have a couple on monitors in my network which I want to monitor via splunk and integrate snort into splunk so that I get a good dashboard so that I can monitor my network and device logs when I wanted to do that I am unable to configure my forwarders as my splunk enterprise server is running with the Ip 127.0.0.1:8000 but  I want it to run on 192.168.0.112:8000 but cannot find which file to edit .  Fyi I am running splunk server on windows Os and want to connect forwarders from both ubuntu and windows clients can anyone please help me

Labels (1)
Labels
0 Karma
Reply

marnall
Motivator
‎03-24-2025 01:59 PM

How did you get your Splunk Enterprise to run on only 127.0.0.1:8000? By default Splunk should be exposed on other interfaces. If you try accessing your Splunk Enterprise instance using the IP address of your Splunk server as seen on your local network (I assume 192.168.0.112?), does it load?

0 Karma
Reply

bakeery
Loves-to-Learn
‎06-18-2025 06:32 AM

I am facing the same issue, has anyone solved it?

0 Karma
Reply

isoutamo
SplunkTrust
SplunkTrust
‎06-18-2025 06:41 AM

Normally spunk runs on your nodes all IPs unless you define it differently. So in splunk point of view you don't need to do anything.

But usually nodes and network put firewalls between network segments and also in hosts.

I suppose that you are running this in linux, so you need to check if there is local firewalld or iptables or some other host based fw in use. Just add those ports 8000 (for GUI) and 9997 (for input data from UFs) or what port you are using for ingesting data.  Based on your OS windows/linux+distro this has done different way.

Also you should check if your sources (UFs) are in different network segments and if your users (laptops/workstation) are different segment then open access to those ports. Also there could be some web proxies in use which didn't allow traffic into your Splunk sever GUI (port 8000).

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey

Can’t make it to .conf25? Join us online!

Watch Global Broadcast
Get Updates on the Splunk Community!

What Is Splunk? Here’s What You Can Do with Splunk

Hey Splunk Community, we know you know Splunk. You likely leverage its unparalleled ability to ingest, index, ...

Level Up Your .conf25: Splunk Arcade Comes to Boston

With .conf25 right around the corner in Boston, there’s a lot to look forward to — inspiring keynotes, ...

Manual Instrumentation with Splunk Observability Cloud: How to Instrument Frontend ...

Although it might seem daunting, as we’ve seen in this series, manual instrumentation can be straightforward ...