Splunk Enterprise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

splunk always starts at 127.0.0.1:8000

crazyeva
Contributor
‎10-28-2014 07:46 PM

I have a problem
Splunk always start at http://127.0.0.1:8000 and ignor the interface IP address
it is newly installed in a virtual machine, RHEL 7, IP is set as 192.168.100.1
i access the machine with SSH, i mean the interface is alive, can be access to remotely
but it seems SPLUNK can not recognise it

Tags (2)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

kml_uvce
Builder
‎10-29-2014 01:05 AM

check if you can telnet in port 8000 and 8089 from remote machine if not then these ports are blocked/not accessible.un-block them

View solution in original post

Reply
Solved! Jump to solution

stuxnet23
New Member
‎07-06-2017 12:52 PM

Was there a solution for this at the end ? I'm having the same issue.. Splunk is only binding to locahost

0 Karma
Reply
Solved! Jump to solution

stuxnet23
New Member
‎07-06-2017 01:14 PM

I found the issue.. It was with permissions.. I kept executing the restart command under root
As soon as I changed user it worked

0 Karma
Reply
Solved! Jump to solution

ithangasamy_spl
Splunk Employee
Splunk Employee
‎10-29-2014 02:26 AM

you can use the SPLUNK_BINDIP to start splunkd on a specific port
export SPLUNK_BINDIP=your-ip-addr
do a splunk start
you should see the splunk services binding to only the above IP
to make it permanent put this in etc/splunk-launch.conf

0 Karma
Reply
Solved! Jump to solution

crazyeva
Contributor
‎10-29-2014 08:34 PM

thank you for helping
Splunk does start with the ip SPLUNK_BINDIP specified, but i still cant not access to splunk web through ip-addr:8000
after started, ip-addr:8089 ip-addr:8000 are listening, but can not telnet in from outside.

0 Karma
Reply
Solved! Jump to solution
Solution

kml_uvce
Builder
‎10-29-2014 01:05 AM

check if you can telnet in port 8000 and 8089 from remote machine if not then these ports are blocked/not accessible.un-block them

Reply
Solved! Jump to solution

crazyeva
Contributor
‎10-29-2014 09:20 PM

thank you very much
that is my fault: firewall !
RHEL 7, "iptables off" is not effictive...
"systemctl disable firewalld" to shutdown firewall
By the way, splunk 6.2 does not support IE 11 !

0 Karma
Reply
Solved! Jump to solution

crazyeva
Contributor
‎10-29-2014 08:45 PM

thank you
i cant telnet in either port,

i changed web port and splunkd port to 80 89, still get this:

Checking prerequisites...
Checking http port [80]: open
Checking mgmt port [89]: open
Checking appserver port [127.0.0.1:8065]: open
Checking kvstore port [8191]: open
Checking configuration... Done.
Checking critical directories... Done
Checking indexes...
Validated: _audit _blocksignature _internal _introspection _thefishbucket history main summary
Done
Checking filesystem compatibility... Done
Checking conf files for problems...
Done
All preliminary checks passed.

Starting splunk server daemon (splunkd)...

Done
[ OK ]

Waiting for web server at http://127.0.0.1:80 to be available... Done

........telnet ip-addr:22 successful

0 Karma
Reply
Get Updates on the Splunk Community!

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

Take a look below to explore our upcoming Community Office Hours, Tech Talks, and Webinars this month. This ...

They're back! Join the SplunkTrust and MVP at .conf24

With our highly anticipated annual conference, .conf, comes the fez-wearers you can trust! The SplunkTrust, as ...

Enterprise Security Content Update (ESCU) | New Releases

Last month, the Splunk Threat Research Team had two releases of new security content via the Enterprise ...