Why can't I access the UI on new Splunk install on CentOS?

jbleich
Path Finder

I've just finished installing splunk on a new box w/ CentOS installed. I think everything went well, but I'm kinda new to CentOS CLI. Anyways, I can ping new box from my PC and can ping my PC from new box....but when I go to http://ip_of_new_box:8000 it doesn't bring up the UI. I use 8000 because it's the default and I don't remember doing anything else.

Where do I start?

0 Karma
1 Solution

grijhwani
Motivator

This would appear to be a Linux system administration question, rather than a matter for Splunk.

You probably have issues with the default local firewall rules not allowing access to port 8000 as a service. Unfortunately recent releases of CentOS now use the firewall daemon and no longer allow interactive configuration of the firewall rules with the command line tool system-config-firewall-tui, which has made it (IMO) unnecessarily complicated.

  1. Log in
  2. Elevate yourself to administration status sudo -s. (You DO have your own account and don't just use root willy nilly, I hope.)
  3. Inspect the firewall rules iptables -L.

Also check, whilst still elevated to superuser, netstat -pant. This should show a port 8000 listening on 0.0.0.0 (i.e. all available addresses).

(This is not really a Linux novice problem.)

jbleich
Path Finder

You have a doc or instructions on how to enable just access from within our network?

0 Karma

grijhwani
Motivator

Not really within the scope of the Splunk forums. If it was CentOS 5 I'd say su then issue the command system-config-firewall-tui, but with CentOS 6 running firewalld, it's a different ball game. To be honest I have not yet really configured one. (There are a lot of the CentOS 6 and 7 changes I really don't like.)

For generic Linux admin questions you would be far better off consulting online documentation and support sites. (Linuxquestions.org is a start, although if you start asking questions pretty much anywhere without first having read the documentation you're not going to get a friendly reception.)

0 Karma

jbleich
Path Finder

It was iptables, just shut that off and boom! it worked 🙂

0 Karma

grijhwani
Motivator

OK, but that's not really the correct response. You should modify the local firewall to accommodate Splunk, not just hit it with a hammer. 😉

That said, please mark the answer as accepted, so others can see it has been solved.

0 Karma
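
The point made above about adjusting the firewall rather than switching it off, as an added example that is not part of any post in this thread: a small checker that reads `iptables-save` output and reports the first INPUT rule that can apply to a new TCP connection on a port, run against a rule set before and after a source-restricted allow rule for port 8000 is placed ahead of the catch-all REJECT. The function name `first_verdict`, the sample rules and the subnet `10.1.2.0/24` are constructed assumptions, not values from the thread.

```shell
#!/bin/sh
# Added example (not from the thread). Reads `iptables-save` text on stdin and
# prints the first INPUT rule verdict that can apply to a NEW inbound TCP
# connection to port $1, with that rule's source restriction.
# Simplified: only -p, --dport, -i, -s, --state and -j are interpreted.
first_verdict() {
    awk -v port="$1" '
    /^:INPUT /   { policy = $2 }                 # chain default policy
    /^-A INPUT / {
        proto = ""; dport = ""; iface = ""; state = ""; target = ""; src = "any"
        for (i = 3; i < NF; i++) {
            if ($i == "-p")      proto  = $(i + 1)
            if ($i == "--dport") dport  = $(i + 1)
            if ($i == "-i")      iface  = $(i + 1)
            if ($i == "-s")      src    = $(i + 1)
            if ($i == "--state") state  = $(i + 1)
            if ($i == "-j")      target = $(i + 1)
        }
        if (proto != "" && proto != "tcp") next  # e.g. the icmp rule (ping)
        if (iface == "lo") next                  # loopback traffic only
        if (state != "" && state !~ /NEW/) next  # ESTABLISHED,RELATED only
        if (dport != "" && dport != port) next   # rule for another service
        if (!found) { print target " src=" src; found = 1 }
    }
    END { if (!found) print policy " src=any" }'
}

# Constructed sample: ping and SSH allowed, everything else rejected.
BEFORE='*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT'

# Same rules plus port 8000 from an assumed internal subnet (10.1.2.0/24),
# inserted ahead of the catch-all REJECT because rules are evaluated in order.
ALLOW='-A INPUT -s 10.1.2.0/24 -p tcp -m state --state NEW -m tcp --dport 8000 -j ACCEPT'
AFTER=$(printf '%s\n' "$BEFORE" | awk -v r="$ALLOW" '/-j REJECT/ { print r } { print }')

echo "before: $(printf '%s\n' "$BEFORE" | first_verdict 8000)"
echo "after:  $(printf '%s\n' "$AFTER"  | first_verdict 8000)"
```

On a live host, the same function can be fed the real rule set by piping the output of `iptables-save` (run as root) into `first_verdict 8000`.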

richgalloway
SplunkTrust

Run $SPLUNK_HOME/bin/splunk status to verify Splunk is running.
Check the server.socket_host setting in your $SPLUNK_HOME/etc/system/defaults/web.conf file. If you have to make a change, copy the file to $SPLUNK_HOME/etc/system/local first.

---
If this reply helps you, Karma would be appreciated.
0 Karma