Security

Unable to connect with my Splunk server which is running locally on my machine.

indecomm
New Member

Hi All,

I am a new user of Splunk and running splunk enterprise server locally on my machine.

When I hit "https://localhost:8089/services/auth/login" url from postman I got the expected response.
But when I replace the localhost with a public url generated using ngrok like "https://1cb2c224.ngrok.io:8089/services/auth/login", it get timed out everytime.

I tried generating my ngrok url with different ports(like 8089, 3000) but acing the same issue.

Please let me know if I am missing something here.

PS: My end requirement is to connect with my splunk server which is running locally from a cloud application. I didn't make any change in server settings and all settings are default one only.

Thanks.

0 Karma
1 Solution

arjunpkishore5
Motivator

Alright.
I figured it out.

It looks like the issue is because your ngrok is trying to forward to http instead of https. Port 8089 has SSL on it. Do the following

./ngrok http https://localhost:8089

Now in your ngrok URL, you shouldn't mention your port again. So you should you access your REST endpoints as follows
<ngrokURL>/<REST endpoint>

For example: http://118f4847.ngrok.io/services/search/jobs

Note: Your ngrok url will continue to stay http even though you are forwarding to an https URL.

Please upvote and mark as answer if this is what you're looking for.

Cheers

View solution in original post

0 Karma

indecomm
New Member

Thanks a lot! Its working for me.

One additional question. Is it possible to generate the ngrok URL without mentioning the port?

So, that I can add 8089 or 8000 in generated URL to access REST API or web based on requirement.

Thanks.

0 Karma

arjunpkishore5
Motivator
0 Karma

indecomm
New Member

Thanks a lot!

0 Karma

arjunpkishore5
Motivator

Alright.
I figured it out.

It looks like the issue is because your ngrok is trying to forward to http instead of https. Port 8089 has SSL on it. Do the following

./ngrok http https://localhost:8089

Now in your ngrok URL, you shouldn't mention your port again. So you should you access your REST endpoints as follows
<ngrokURL>/<REST endpoint>

For example: http://118f4847.ngrok.io/services/search/jobs

Note: Your ngrok url will continue to stay http even though you are forwarding to an https URL.

Please upvote and mark as answer if this is what you're looking for.

Cheers

0 Karma

arjunpkishore5
Motivator

I haven't used ngrok much, and without further details on how you have it configured, I can just make a guess. Based on the possible configurations I can think of in my mind, you need to use one of the following URLs

  1. https://1cb2c224.ngrok.io
  2. https://1cb2c224.ngrok.io/services/auth/login

ngrok would be forwarding the traffic to a particular port on your host, so you don't need to mention the port number in your url again. Also, port 3000 wouldn't work unless the management port on your splunk instance is configured to use port 3000. The default management port for splunk is port 8089. If you have some other application listening on port 3000, your ngrok url would be pointing to that application and not Splunk.

Please upvote and mark as answer if this solves your issue.

Regards
Arjun

0 Karma

indecomm
New Member

Hi Arjun,

Thanks for your quick reply. As I said, I haven't change any server settings and the management port is 8089 only.

So far, I have tried by generated my ngrok url in following ways.

  1. ngrok http 3000 - In this case I tried https://1cb2c224.ngrok.io:8089/services/auth/login (timed out and no response in this case) and https://1cb2c224.ngrok.io/services/auth/login (502 Bad gateway)

  2. ngrok http 8089 - In this case I tried https://1cb2c224.ngrok.io:8089/services/auth/login (timed out and no response in this case) and https://1cb2c224.ngrok.io/services/auth/login (502 Bad gateway)

So, In both the cases if I mention port in URL, it gets timed out and If I omit the port from URL it returns with 502 error.

Do you want me to change the management port to 3000 and try?

Thanks.

0 Karma

arjunpkishore5
Motivator

Don't think it's an issue with Splunk here. This is more an ngrok issue. Is your splunk server up and running ?
can you ngrok to the port 800(the web ui) and just see what that leads to with https://1cb2c224.ngrok.io?

0 Karma

indecomm
New Member

Hi Arjun,

Splunk is up and running, I am getting expected response when I use localhost.

I tried with port 8000.
ngrok http 8000 - In this case I tried https://2882d921.ngrok.io:8089/services/auth/login (timed out and no response in this case) and https://2882d921.ngrok.io/services/auth/login (502 Bad gateway)

So, basically same response 😞

what is the way to connect to a locally running Splunk server from a remote machine?

My requirement is very simple and basic. What I am missing here??

Thanks.

0 Karma

arjunpkishore5
Motivator

Let me try the setup. before that. a a quick question. Are you trying to make Splunk Web available through ngrok? or are you trying to make the rest api available through ngrok?

0 Karma

indecomm
New Member

Really appreciate your effort!
I am using Rest API to connect with my Splunk enterprise server.

Thanks.

0 Karma

arjunpkishore5
Motivator

No problem! Could you please mark as answer the one which worked for you.

0 Karma

arjunpkishore5
Motivator

I tried ngrok on page 8000 and used just the ngrok url without any port numbers and it worked fine. (In my case http://5abb671d.ngrok.io)

by the way. port 8000 is the default to the web ui
port 8089 is the default to the management port.

0 Karma

indecomm
New Member

My splunk web login page couldn't loaded properly when I tried same. Pls visit this url for more details. https://ibb.co/7NDvdZJ

By the way I have to do it for Splunk REST API.

0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...