Splunk Enterprise

splunk UI does not show

h2rr821
Explorer

Hello,
We are trying to see whether Splunk can be our solution for dashboards.

I downloaded the trial version, which is 9.4.2 (I do see that the supported systems for version 9.4.2 are RHEL8 or RHEL9).

Is there any other trial version I can download to try? (Our device uses RHEL7 and Python 2.)

I am able to install Splunk 9.4.2 on our system and run splunk start,

but I cannot access the UI at the address:

http://{domain-name}:8000


livehybrid
SplunkTrust
SplunkTrust

Hi @h2rr821 

The 9.4.x release you have installed may well work on RHEL7, it is just that it is not supported by Splunk.

You can currently download 9.2.x which is supported until Jan 31 2026 and does support RHEL7. See https://www.splunk.com/en_us/legal/splunk-software-support-policy.html?locale=en_us#:~:text=Splunk%2... for more info.

Regarding the error, please can you confirm that there is no firewall between you and the Splunk instance, if so is it permitting your requests? 

I presume that it is not on the same machine you are working on? Does the system show port 8000 being listened on (e.g. ss -ltn)?


0 Karma

h2rr821
Explorer

Thank you for your response.

I am able to access it with curl.
curl -v -L http://{domain}:8000

However, I cannot access it from browsers (I did try multiple browsers).

It said taking too long to respond

The firewall seems to be no issue:
1. ss -ltn | grep 8000

LISTEN 0 128 *:8000 *:*

2. netstat -tlnp | grep 8000

tcp 0 0 0.0.0.0:8000 0.0.0.0:* LISTEN 29947/splunkd

0 Karma

PickleRick
SplunkTrust
SplunkTrust

Are you curling from the Splunk machine or your endpoint?

The site is taking too long to respond happens in two cases:

1) You're not using a proxy server and the server you're trying to reach doesn't respond to your connection requests - most probably there is something filtering the network traffic between your desktop/laptop and the server.

2) You are using a proxy server and something is filtering the traffic between the proxy server and the destination server (or there is no routing between those servers).

Filtering is actually quite probable since you're trying to reach the default 8000 port, which is not a standard http(s) port so it might not be allowed in your organization.

Most probably you'll need to debug it with your network admin.

You can try to verify with tcpdump/wireshark on the splunk server's side whether the initial SYN packet even reaches the server.

0 Karma

h2rr821
Explorer

I am able to curl it from the splunk machine, but I am not able to do that on my endpoint.

It seems port 8000 on my endpoint is not allowed in my organization.

0 Karma

isoutamo
SplunkTrust
SplunkTrust

This confirms that there is some filtering on the network side or even on this Splunk server. You could check if there is e.g. iptables running with the "iptables -vL" command (if I recall right). But as @PickleRick said, more probably there is a network-level FW between your workstation and the Splunk server.

In this case your options are: ask for help from your network admins and/or try ssh tunneling from your local node to the Splunk server. But check first that this is allowed in your organization!

0 Karma
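The server-side checks suggested in this thread (ss -ltn, tcpdump for the initial SYN, iptables -vL) can be combined into one triage. The following is an added example, not code from any poster; the function names, verdict labels and sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): server-side triage for "curl works on the
# Splunk host, workstation browser times out" on port 8000.

# listener_scope PORT: reads `ss -ltn` output on stdin; prints all|loopback|specific|none
listener_scope() {
  awk -v port="$1" '
    $1 == "LISTEN" {
      i = match($4, /:[0-9]+$/); if (!i || substr($4, i + 1) != port) next
      addr = substr($4, 1, i - 1)
      if (addr ~ /^(\*|0\.0\.0\.0|::|\[::\])$/) scope = "all"
      else if (addr ~ /^(127\.|\[?::1)/) { if (scope == "") scope = "loopback" }
      else if (scope != "all") scope = "specific"
    }
    END { print (scope == "" ? "none" : scope) }'
}

# syn_verdict PORT: reads `tcpdump -nn` text output on stdin; prints one of
#   no-syn          SYNs never reach the server: filtered upstream (network firewall, proxy path)
#   syn-unanswered  SYNs arrive, no SYN-ACK leaves: tcpdump sees inbound packets before
#                   iptables drops them, so check the host firewall (iptables -vL)
#   handshake-ok    server answers: the problem is above TCP (proxy settings, browser)
syn_verdict() {
  awk -v port="$1" '
    $0 ~ ("> [^ ]+\\." port ": Flags \\[S\\],")          { syn++ }
    $0 ~ ("[^ ]+\\." port " > [^ ]+: Flags \\[S\\.\\],") { synack++ }
    END { print (!syn ? "no-syn" : (!synack ? "syn-unanswered" : "handshake-ok")) }'
}

# Constructed sample data (documentation addresses), shaped like the tools' output.
SS_SAMPLE='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    *:8000             *:*
LISTEN 0      128    127.0.0.1:9999     *:*'
DROPPED_SAMPLE='12:00:01.000001 IP 192.0.2.10.51514 > 198.51.100.5.8000: Flags [S], seq 1, win 64240, length 0
12:00:02.000001 IP 192.0.2.10.51514 > 198.51.100.5.8000: Flags [S], seq 1, win 64240, length 0'
OK_SAMPLE="$DROPPED_SAMPLE"'
12:00:02.000090 IP 198.51.100.5.8000 > 192.0.2.10.51514: Flags [S.], seq 9, ack 2, win 28960, length 0'

echo "listener: $(printf '%s\n' "$SS_SAMPLE" | listener_scope 8000)"
echo "dropped:  $(printf '%s\n' "$DROPPED_SAMPLE" | syn_verdict 8000)"
echo "answered: $(printf '%s\n' "$OK_SAMPLE" | syn_verdict 8000)"
# Live use on the server, while loading the URL from the workstation:
#   ss -ltn | listener_scope 8000
#   tcpdump -nn -i any -c 20 'tcp port 8000' | syn_verdict 8000
```
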

h2rr821
Explorer

I used a proxy to work around the port issue.

I get the same thing as the curl command now.

The web UI shows nothing, and when I inspect it:
"browser-not-supported"? I tried multiple browsers (Chrome, Edge, Firefox).


0 Karma

h2rr821
Explorer

I fixed it by resetting the proxy setting.
I am able to access the web UI.

Thank you very much!!

isoutamo
SplunkTrust
SplunkTrust

As others already said, there is probably a firewall between your workstation and splunkd running on your RHEL7 box. It could be on RH, or if there is any FW between network segments then those are possible candidates.

One way to try it is to use ssh tunneling from your workstation to that box (if it's allowed on the RH side). Or you could try it with curl on that box to test if it responds or not.

Based on your screenshot it should be up and running.


0 Karma

PickleRick
SplunkTrust
SplunkTrust

On the page you downloaded the trial version from you should have a button or link to older versions. But be aware that older versions will run out of support sooner than the current one.

Anyway, RHEL7 reached end of normal maintenance over a year ago which means no updates anymore (even security ones).

Splunk doesn't much care about python version in your OS since it brings its own one.

And finally - what do you mean by "I can't access http://my_splunk:8000"? Do you get errors of any kind? What are they? Is your traffic filtered in any way? Can you connect from the Splunk server itself (with curl, for example)? Have you verified that the process is listening on that port? Do you have the port open on your os-level firewall?

0 Karma