Unable to Connect to Splunk: Connection Refused --...

madhuinfy · ‎05-27-2013

Hi ,
I am trying to connect Splunk using Java SDK but i am getting Connection Refused Exception.

Map connectionArgs = new HashMap();
connectionArgs.put("host", "mydomain.com");
connectionArgs.put("username", "admin");
connectionArgs.put("password", "passxxx");
connectionArgs.put("port", 8089);
connectionArgs.put("scheme", "https");
Service splunkService = Service.connect(connectionArgs);

When I am using the browser with the above url i, e, https://mydomain.com i am able to login with the above credentials but through Java sdk i am not able to connect. I debugged the code, In HttpService.java class the URL is getting constructed as
https://mydomain.com:8089/services/auth/login

I am not getting why the URL is getting constructed like this. Kindly help me out in resolving the issue at the earliest. Thanks

chandrasekharko · ‎10-29-2018

Check the management port number. If it is not 8089 use the same port number in you r code too.

hexx · ‎05-27-2013

This URL is constructed to hit the splunkd daemon management port (8089, by default) and then the /services/auth/login endpoint to obtain a session token. See this dev.splunk.com tutorial for more details.

In your case, since you are seeing a "connection refused" message, it appears that either the splunkd daemon is not running, or it has been configured to listen on a port different than 8089. If the latter is true, you'll need to specify that port when constructing the connection instance:

// Create a map of arguments and add login parameters
ServiceArgs loginArgs = new ServiceArgs();
loginArgs.setUsername("admin");
loginArgs.setPassword("changeme");
loginArgs.setHost("localhost");
loginArgs.setPort(8089);

// Create a Service instance and log in with the argument map
Service service = Service.connect(loginArgs);

See this tutorial for reference.

snaplogic15 · ‎01-30-2015

I also get an same error "Connection Refused" when I use the hostname given at the time of Splunk Cloud signup with the port number 8089.
But, if I use cURL or HTTP client app (without using Java SDK), I successfully get the session token only if I prefix "input-" to the hostname. If I don't prefix, I get the same "Connection Refused".
If I use the prefixed hostname in the Java SDK code, I get an error:

"hostname in certificate didn't match: != "

If I use localhost as hostname (without prefix), I get an error:

"hostname in certificate didn't match: != "

All cURL REST API calls to localhost work well.
It is not a port number issue, but a hostname and certificate issue.
Please help us solve this issue. I would like to use Java SDK rather than working on the REST API level.
There might be more setting we have to do on the Service object.

hexx · ‎05-28-2013

I think you'd be better off finding out what the splunkd management port is by reading it in $SPLUNK_HOME/etc/system/local/web.conf or by issuing the "splunk show splunkd-port" command.

madhuinfy · ‎05-27-2013

Since i was not sure about the port number,i had put a for loop from 0 to 10000 as shown below, but still getting same issue.This time instead of using domain name i used the ip address itself as below connectionArgs.put("host","165.130.166.206");
connectionArgs.put("username", "admin");connectionArgs.put("password", "passxx");connectionArgs.put("scheme", "https");
for(i=0;i<=10000;i++){try{connectionArgs.put("port",i);
Service splunkService = Service.connect(connectionArgs);
System.out.println("Connected");}catch(Exception e){
System.out.println("could not Connect, The Port No is " + i);}}

Unable to Connect to Splunk: Connection Refused -- while using Java SDK

Introducing the 2024 SplunkTrust!

Introducing the 2024 Splunk MVPs!

Splunk Custom Visualizations App End of Life