Getting Data In

Cent OS6 - LAMP with Splunk

joelc67
Explorer

I followed the basic install of spunk (64-bit) and placed the tar install in /opt/splunk. I successfully started the splunk service.

Checking prerequisites...
Checking mgmt port [8089]: open
Checking conf files for typos...
All preliminary checks passed.

Starting splunk server daemon (splunkd)... [ OK ]

However, when I attempt to connect to the website at: http://localhost:8000 I get a page cannot be found. I noted the mgmt port is the only one that seems to exist (show above). So I tried http://localhost:8089. It didn't work either. Is there some missing step? Do I need to define some virtual directory in Apache Web Server to point to something in Splunk's /opt/splunk directory?

Any tips are welcome.

dwaddle
SplunkTrust
SplunkTrust

Splunk comes with its own CherryPy based webserver called SplunkWeb. I would have expected a similar output for Splunkweb starting, with messages like:

Checking http port [8000]: open 

Starting splunkweb... Done.
If you get stuck, we're here to help.
Look for answers here: http://docs.splunk.com/Documentation/Splunk

The Splunk web interface is at http://x.y.com:8000    

My first guess would be you installed the universal forwarder tarball, which does not include Splunkweb, and is intended as an "endpoint" or "agent" installation. Go get the full tarball and give it a try. (Or get the RPMs, "they're tasty" says yum)

mikelanghorst
Motivator

Is anything listening on port 8000? Not sure if they've fixed it for 4.3, but the 4.2 UF would also say after installation to connect on port 8000 locally.

You ask about firewalls, have you looked at the configuration of IPtables? "/sbin/iptables --list" will show the firewall rules currently in affect. You could also "/sbin/service iptables stop" or "/sbin/iptables --flush" to disable them temporarily

joelc67
Explorer

I even hacked the "splunk-launch.conf" and added "SPLUNK_BINDIP=192.168.1.2". Then restarted the whole splunk:

...
Checking http port [192.168.1.2:8000]: open
Checking mgmt port [192.168.1.2:8089]: open
Checking configuration... Done.
Checking index directory...
Validated databases: _audit _blocksignature _internal _thefishbucket history main summary ...

The Splunk web interface is at http://[192.168.1.2]:8000

However, its still does NOT let me view anything on http://192.168.1.2:8000. Is there some firewall setting? or perhaps Apache (httpd) is blocking?

0 Karma

joelc67
Explorer

Although it appears that a full install is on the machine...
Starting splunk server daemon (splunkd)...
[ OK ]
[ OK ]
Done.Starting splunkweb... Done.
If you get stuck, we're here to help.

Look for answers here: http://docs.splunk.com/Documentation/Splunk

The Splunk web interface is at http://127.0.0.1:8000

.....the address I am hitting it at http://192.168.2.1:8000 tells me that no page can be found. I am running CentOS6, httpd, mysql, and Webmin 1.560.

0 Karma

tmeader
Contributor

If the directory that the user sees on the system is actually "/opt/splunk" then, unless they've changed it, I believe that would indicate it's the full version.

It is possible though that they've either 1) somehow managed to disable the web server by setting their full instance to LWF mode... or 2) maybe SELinux is blocking something?

0 Karma

joelc67
Explorer

I installed the correct version....

The Splunk web interface is at http://127.0.0.1:8000

However, the static IP address for the Linux machine which differs from the localhost IP address still says the web page cannot be found. Is there some "config" file I need to hack to put in the actual static IP? Thanks.

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...