Are you a member of the Splunk Community?
- Find Answers
- :
- Splunk Platform
- :
- Splunk Enterprise
- :
- splunk always starts at 127.0.0.1:8000
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I have a problem
Splunk always start at http://127.0.0.1:8000 and ignor the interface IP address
it is newly installed in a virtual machine, RHEL 7, IP is set as 192.168.100.1
i access the machine with SSH, i mean the interface is alive, can be access to remotely
but it seems SPLUNK can not recognise it
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
check if you can telnet in port 8000 and 8089 from remote machine if not then these ports are blocked/not accessible.un-block them
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Was there a solution for this at the end ? I'm having the same issue.. Splunk is only binding to locahost
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I found the issue.. It was with permissions.. I kept executing the restart command under root
As soon as I changed user it worked
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
you can use the SPLUNK_BINDIP to start splunkd on a specific port
export SPLUNK_BINDIP=your-ip-addr
do a splunk start
you should see the splunk services binding to only the above IP
to make it permanent put this in etc/splunk-launch.conf
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
thank you for helping
Splunk does start with the ip SPLUNK_BINDIP specified, but i still cant not access to splunk web through ip-addr:8000
after started, ip-addr:8089 ip-addr:8000 are listening, but can not telnet in from outside.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
check if you can telnet in port 8000 and 8089 from remote machine if not then these ports are blocked/not accessible.un-block them
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
thank you very much
that is my fault: firewall !
RHEL 7, "iptables off" is not effictive...
"systemctl disable firewalld" to shutdown firewall
By the way, splunk 6.2 does not support IE 11 !
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
thank you
i cant telnet in either port,
i changed web port and splunkd port to 80 89, still get this:
Checking prerequisites...
Checking http port [80]: open
Checking mgmt port [89]: open
Checking appserver port [127.0.0.1:8065]: open
Checking kvstore port [8191]: open
Checking configuration... Done.
Checking critical directories... Done
Checking indexes...
Validated: _audit _blocksignature _internal _introspection _thefishbucket history main summary
Done
Checking filesystem compatibility... Done
Checking conf files for problems...
Done
All preliminary checks passed.
Starting splunk server daemon (splunkd)...
Done
[ OK ]
Waiting for web server at http://127.0.0.1:80 to be available... Done
........telnet ip-addr:22 successful
Tech Talk Recap | Mastering Threat Hunting
Observability for AI Applications: Troubleshooting Latency
Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?
