Security

Not able to access Splunk Web after Splunk installation

V4M51
Engager

I was trying to install Splunk 6.1.1 on CentOS 6.8.
The installation was successful, but I was unable to access the Splunk Web interface.
Can anyone suggest where I went wrong or what I missed?

0 Karma
1 Solution

hardikJsheth
Motivator

I think it should be a firewall issue. But first determine whether Splunkd is currently listening on port 8000:

netstat -tulnp | grep 8000

If you get output, that means Splunk is running fine and you need to tweak the firewall to allow incoming requests for the following ports:
8000 - Splunk Web
8089 - Splunk Management Port
8191 - KVStore

0 Karma

gcusello
SplunkTrust

Hi V4M51,
did you disable iptables?

Disable / turn off the Linux firewall (Red Hat/CentOS/Fedora Core):
# /etc/init.d/iptables save
# /etc/init.d/iptables stop

Turn off firewall on boot:
# chkconfig iptables off

Enable / turn on the Linux firewall (Red Hat/CentOS/Fedora Core):
# /etc/init.d/iptables start

Turn on firewall on boot:
# chkconfig iptables on

On CentOS 7:
Status:
systemctl status firewalld
Disable:
systemctl disable firewalld
Stop:
systemctl stop firewalld

Bye.
Giuseppe

V4M51
Engager

Hi Cusello, can you help me with how to enable Splunk on the firewall without disabling the firewall/iptables?

0 Karma

gcusello
SplunkTrust

See https://stackoverflow.com/questions/7423309/iptables-block-access-to-port-8000-except-from-ip-addres...

iptables -A INPUT -p tcp --dport 8000 -s 1.2.3.4 -j ACCEPT
iptables -A INPUT -p tcp --dport 8000 -j DROP

Bye.
Giuseppe

0 Karma

V4M51
Engager

Thanks, this worked....

0 Karma

gcusello
SplunkTrust

Hi @hardikJsheth,

good for you.

Ciao and happy splunking.

Giuseppe

P.S. Karma Points are appreciated by all the contributors 😉

0 Karma

V4M51
Engager

Ports are enabled properly.

0 Karma

Sukisen1981
Champion

Try tinkering with the web URL - http://localhost:8001/

Is this accessible?

0 Karma

V4M51
Engager

After disabling the firewall, yes.

0 Karma

kamlesh_vaghela
SplunkTrust

Hi,
I think it is a firewall issue.

Can you please disable the firewall (JUST for testing) and check again?

0 Karma

V4M51
Engager

Hi kamlesh_vaghela, can you help me with how to enable Splunk on the firewall without disabling the firewall/iptables?

0 Karma

kamlesh_vaghela
SplunkTrust

Hi,
1) Enable the firewall.
2) Open the Splunk ports.

See this link for list of ports: https://docs.splunk.com/Documentation/Splunk/7.0.0/InheritedDeployment/Ports

3) sudo iptables -I INPUT -p tcp -s 0.0.0.0/0 --dport 8000 -j ACCEPT

0 Karma

V4M51
Engager

Yeah, I tried to enable Splunk on the firewall but it did not work.
So, as you suggested, I disabled the firewall and it works fine as of now.

Thank you.

0 Karma
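
Added example, not from any poster in this thread: iptables acts on the first matching rule, so whether port 8000 opens depends on where the ACCEPT rule lands (`-A` appends to the end of the chain, `-I` inserts at the top). The sample chain is constructed and modelled on a stock CentOS 6 INPUT chain, which is an assumption about this host; `first_verdict`, `appended` and `inserted` are names made up for the example, and the parser handles only the options shown (no negation, no jumps to other chains).

```shell
#!/bin/sh
# first_verdict PORT: read `iptables -S INPUT` output on stdin and print the
# target of the first rule matching a NEW TCP connection to PORT from an
# arbitrary remote host (falls back to the chain policy).
first_verdict() {
    awk -v port="$1" '
    $1 == "-P" { policy = $3; next }
    $1 != "-A" { next }
    {
        target = ""; ok = 1
        for (i = 3; i <= NF; i++) {
            if ($i == "-j") target = $(i + 1)
            else if ($i == "-p" && $(i + 1) != "tcp") ok = 0
            else if ($i == "--dport" && $(i + 1) != port) ok = 0
            else if ($i == "-i") ok = 0      # interface-bound rules (e.g. lo) are skipped
            else if ($i == "-s" && $(i + 1) != "0.0.0.0/0") ok = 0
            else if ($i == "--state" && $(i + 1) !~ /NEW/) ok = 0
        }
        if (ok && target != "") { print target; found = 1; exit }
    }
    END { if (!found) print policy }'
}

# Constructed sample (assumption): INPUT chain in `iptables -S INPUT` format.
BASE='-P INPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited'
RULE='-A INPUT -p tcp -m tcp --dport 8000 -j ACCEPT'

# Chain as it looks after `iptables -A INPUT ...`: new rule sits below the REJECT.
appended() { printf '%s\n%s\n' "$BASE" "$RULE"; }
# Chain as it looks after `iptables -I INPUT ...`: new rule becomes rule 1.
inserted() { printf '%s\n' "$BASE" | awk -v r="$RULE" '{ print } NR == 1 { print r }'; }

echo "port 8000 after -A: $(appended | first_verdict 8000)"
echo "port 8000 after -I: $(inserted | first_verdict 8000)"
```

On a live host, run `iptables -S INPUT | first_verdict 8000` as root to check the real chain.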