Deployment Architecture

Host Splunk on Corporate Intranet?

geeq
New Member

In my organization, we use Splunk on a completely isolated network. I'd like to make it so that my users can just enter in a DNS name into their browser address bar (i.e. http://splunk/) instead of having to enter http://<node_ip_address>:8000. As you may have guessed, I have zero experience when it comes to web hosting configuration.

I have Splunk installed on a Windows Server 2008 R2 x64 machine, and Splunk is its only purpose. I've set the name of this box to "Splunk", and it has entries in our DNS. I changed the port on the Splunk box to 80. On the local machine (machine named "Splunk"), it works like a charm, I enter http://splunk/ and it goes to the sign in page. But on the rest of the network, I get "server timed out" messages. I tried turning off the firewall on the "Splunk" machine just to see if that would help but no dice.

I should also add that we host no other corporate sites or web services, Splunk will be the only one for the foreseeable future.

Any ideas on how to make this work? Do I have to install (and learn) IIS or something like that? Any help is greatly appreciated!

Tags (1)
0 Karma
1 Solution

kphillipson
Path Finder

You will have to change the http port on the Splunk server to 80 in order to use a simple url.

Is there a physical Firewall? If so it may require a firewall rule opened up to allow port 80 traffic to your Splunk server.

Since your server is already named splunk and you can ping it by putting in splunk you should be good to go. If your server is in a different DNS zone, then you will have to create an A Record for your zone that points to the server's ip. You can do a CNAME to cross zones, but that is a DISA finding.

View solution in original post

kphillipson
Path Finder

You will have to change the http port on the Splunk server to 80 in order to use a simple url.

Is there a physical Firewall? If so it may require a firewall rule opened up to allow port 80 traffic to your Splunk server.

Since your server is already named splunk and you can ping it by putting in splunk you should be good to go. If your server is in a different DNS zone, then you will have to create an A Record for your zone that points to the server's ip. You can do a CNAME to cross zones, but that is a DISA finding.

lguinn2
Legend

My guess is that your users do not have a valid route to your Splunk server. On the rest of the network, try

ping splunk

or

ping theSplunkIPAddress

whatever the ip address is. If you can't ping, you probably need to work with your networking team. It sounds like a firewall problem, but I don't think it is on your Splunk server...

0 Karma

geeq
New Member

Thank you for your response, lguinn! Following your suggestion, I can ping the Splunk machine from the DC, both by name and by ip address, but I can't get to the Splunk homepage from the DC. I'll have to look at the firewall on the DC and see if there might be anything causing it to block the connection attempt.

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...