Splunk Enterprise
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

restrict to localhost only access

jt1
New Member
‎08-11-2021 03:18 PM

I need to restrict my Splunk instance to be only accessible on localhost. To do this, I created a new web.conf file and put it in /opt/splunk/etc/system/local. The file as the following contents:

[settings]

server.socket_host = 127.0.0.1

When I restart splunk, I get the following:

Waiting for web server at http://[random char]:8000 to be available...........

Rather than seeing 127.0.0.1, I see random characters. It just sits there.

What am I missing in the config file?

 

Labels (1)
Labels
0 Karma
Reply

jt1
New Member
‎08-12-2021 02:53 PM

Thanks. There are no special characters. However, I have noticed that the "Waiting for web server at http://[random chars]:8000 to be available..." message does not impact availability on localhost. The message "WARNING: web interface does not seem to be available!" displays. During the entire period that it displays, I can verify that Splunk Web is available at http://localhost:8000.  It seems strange to get a message that the web interface is likely not available while it is still available on localhost. It does, still, achieve the desire effect.

Is this normal system behavior?

A couple additional details: (1) I am running Splunk as root. (2) the web.conf file has rw permissions by root. (3) restarting splunk via "/opt/splunk/bin# ./splunk restart" command. (3) this splunk instance is running everything on a single server. (4) no other conf files have been created or modified other than the web.conf file in the /system/local directory.

 

 

 

0 Karma
Reply

venkatasri
SplunkTrust
SplunkTrust
‎08-11-2021 05:02 PM

@jt1 you are correct the with settings , did you check is there a special char in web.conf file??. I have tried with following working fine for both localhost and 127.0.0.1 they are synonyms.

[settings]
server.socket_host = localhost

 

0 Karma
Reply
Get Updates on the Splunk Community!

Good Sourcetype Naming

When it comes to getting data in, one of the earliest decisions made is what to use as a sourcetype. Often, ...

See your relevant APM services, dashboards, and alerts in one place with the updated ...

As a Splunk Observability user, you have a lot of data you have to manage, prioritize, and troubleshoot on a ...

Splunk App for Anomaly Detection End of Life Announcement

Q: What is happening to the Splunk App for Anomaly Detection?A: Splunk is officially announcing the ...
Top