Security
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Cant connect to port 8089 non-localhost, just only localhost

s2upin
Explorer
‎03-16-2017 05:19 AM

I'm just install splunk enterprise in centos 7 , but i cant connect splunk enterprise with port 8089 by python sdk in non-localhost, but i can connect and run script in localhost , anyone have solve ?

Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

mattymo
Splunk Employee
Splunk Employee
‎03-16-2017 06:15 AM

Hi s2upin,

you probably need to add the port to firewalld.

first, verify that splunkd is indeed listening:

[splunker@n00bserver ~]$ ss -tulpn | grep 8089
tcp    LISTEN     0      128       *:8089                  *:*                   users:(("splunkd",pid=11047,fd=5))

The do:

firewall-cmd --add-port 8089/tcp --permanent
firewall-cmd --reload

Verify with:

[root@n00bserver ~]# firewall-cmd --list-ports
5907/tcp 1022/tcp 5908/tcp 5222/tcp 9997/tcp 8089/tcp 5900/tcp 5901/tcp 5904/tcp 5905/tcp 80/tcp 514/udp 8000/tcp 5902/tcp 5903/tcp 5906/tcp
- MattyMo

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

mattymo
Splunk Employee
Splunk Employee
‎03-16-2017 06:15 AM

Hi s2upin,

you probably need to add the port to firewalld.

first, verify that splunkd is indeed listening:

[splunker@n00bserver ~]$ ss -tulpn | grep 8089
tcp    LISTEN     0      128       *:8089                  *:*                   users:(("splunkd",pid=11047,fd=5))

The do:

firewall-cmd --add-port 8089/tcp --permanent
firewall-cmd --reload

Verify with:

[root@n00bserver ~]# firewall-cmd --list-ports
5907/tcp 1022/tcp 5908/tcp 5222/tcp 9997/tcp 8089/tcp 5900/tcp 5901/tcp 5904/tcp 5905/tcp 80/tcp 514/udp 8000/tcp 5902/tcp 5903/tcp 5906/tcp
- MattyMo
0 Karma
Reply
Solved! Jump to solution

s2upin
Explorer
‎03-17-2017 11:13 AM

Tks you so much 😄

0 Karma
Reply
Solved! Jump to solution

jwelch_splunk
Splunk Employee
Splunk Employee
‎03-16-2017 06:13 AM

Probably a firewall issue

On local host run:
systemctl stop firewalld
If that fixes the issue, then you know it is the firewall on the local host. If that does not fix the issue then most likley there is another firewall off the box.

If the first one fixes your issue then the solution would be to create a firewall policy that would allow remote connectivity to your box on the splunk ports and turn your firewall back on.

Okie

Reply
Solved! Jump to solution

jwelch_splunk
Splunk Employee
Splunk Employee
‎03-16-2017 06:19 AM

Examples below

Splunk Enterprise also requires several ports to be opened through the firewall(s). To allow
these ports through the built-in firewalld on RHEL enter the following commands:
sudo firewall-cmd -permanent --add-port =8000/tcp
sudo firewall-cmd -permanent --add-port =9997/tcp
sudo firewall-cmd -permanent --add-port =514/tcp
sudo firewall-cmd -permanent --add-port =514/udp
sudo firewall-cmd -reload
sudo firewall-cmd -list-ports
0 Karma
Reply
Get Updates on the Splunk Community!

Introducing the Splunk Community Dashboard Challenge!

Welcome to Splunk Community Dashboard Challenge! This is your chance to showcase your skills in creating ...

Built-in Service Level Objectives Management to Bridge the Gap Between Service & ...

Wednesday, May 29, 2024  |  11AM PST / 2PM ESTRegister now and join us to learn more about how you can ...

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer Certification at ...

We’re excited to announce a new Splunk certification exam being released at .conf24! If you’re headed to Vegas ...