Cannot access Splunk from remote computers?

rockb
Explorer

I have Splunk installed on a machine running Windows 10 that is compliant with all Windows 10 STIGs.  I can access Splunk from that machine but no others.  I can ping the Splunk box from other machines.

I have tried disabling the firewall but the symptoms persist.  

I figure it is a setting associated with a STIG and am hoping someone here has run into this before and remembers what it is.

 

0 Karma

BG
Explorer

Presumably if you run 'netstat -ano' it shows the Splunk service listening on port 8000, otherwise you wouldn't be able to connect on the local machine.

Have you tried serving any other application to check if external hosts can connect (something not on port 8000, obviously)?

As already stated, I don't think ping is relevant as even with the Windows firewall enabled, ICMP isn't disabled.

Can you clarify how your 'STIG' compliant OS is different to standard Windows 10? If you're wanting the most secure machine to host Splunk Enterprise, wouldn't you just go with Server 2019 or Linux? (I realise that's an entirely separate topic, but we don't know what security features you've added to Windows 10 for the STIG compliance, so it's difficult to advise what might be blocking traffic.)

0 Karma

gcusello
SplunkTrust

Hi @rockb,

Ping isn't relevant. Did you try to check the connection with telnet?

telnet <ip_splunk_server> 8000

If you haven't, install it for the test.

If you cannot, there's a firewall route problem: it could be an intermediate or a local firewall issue.

If you can, there's something else.

Which browser are you using? Don't use Edge or Explorer.

Ciao.

Giuseppe

0 Karma
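
The two checks suggested above (the 'netstat -ano' listener check and the telnet test on port 8000) can also be done with built-in PowerShell cmdlets. This is an added example, not part of any post in the thread; it assumes Splunk Web is on TCP 8000 as stated above and an elevated PowerShell session on the Splunk host.

```powershell
# Added example. Run in an elevated PowerShell session on the Splunk host.
$Port = 8000   # Splunk Web port discussed in the thread

# 1. Equivalent of 'netstat -ano' for this port, plus the bind scope.
#    A listener on 127.0.0.1 or ::1 is reachable only from the local machine.
$listeners = @(Get-NetTCPConnection -State Listen -LocalPort $Port -ErrorAction SilentlyContinue)
if ($listeners.Count -eq 0) { Write-Output "Nothing is listening on TCP port $Port." }
$listeners | ForEach-Object {
    $scope = switch ($_.LocalAddress) {
        { $_ -in '127.0.0.1', '::1' } { 'loopback only (local access only)'; break }
        { $_ -in '0.0.0.0', '::' }    { 'all interfaces'; break }
        default                       { 'one specific interface' }
    }
    $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
    [pscustomobject]@{
        LocalAddress = $_.LocalAddress
        LocalPort    = $_.LocalPort
        OwningPid    = $_.OwningProcess
        Process      = $proc.ProcessName
        Scope        = $scope
    }
} | Format-Table -AutoSize

# 2. Effective firewall profile settings. ActiveStore is the merged result of
#    local settings and any Group Policy applied to the machine.
Get-NetFirewallProfile -PolicyStore ActiveStore |
    Format-Table Name, Enabled, DefaultInboundAction, AllowLocalFirewallRules -AutoSize

# 3. Enabled inbound rules that name this port exactly. Port ranges and
#    "Any" rules are not matched by this simple filter, and the lookup is slow.
Get-NetFirewallRule -PolicyStore ActiveStore -Direction Inbound -Enabled True |
    Where-Object { ($_ | Get-NetFirewallPortFilter).LocalPort -contains "$Port" } |
    Format-Table DisplayName, Action, Profile, PolicyStoreSourceType -AutoSize

# 4. From the REMOTE machine (no telnet client needed); replace the placeholder:
#    Test-NetConnection -ComputerName '<ip_splunk_server>' -Port 8000
#    TcpTestSucceeded = False with PingSucceeded = True matches the symptom in the thread.
```
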

rockb
Explorer

Unable to connect via Telnet on 8000.

I temporarily disabled the firewall and was still unable to connect via Telnet on 8000.

0 Karma

gcusello
SplunkTrust

Hi @rockb,

Did you check both local and intermediate firewalls?

Telnet on the port not working means that you cannot reach the host on that port.

Ciao.

Giuseppe

0 Karma

rockb
Explorer

They are both plugged into the same switch (SOHO router).  No intermediate firewalls.

0 Karma

gcusello
SplunkTrust

Hi @rockb

As I said, telnet on port 8000 not working means that there's something blocking the connection, maybe a local firewall.

Did you enable HTTPS or not?

How do you access it locally?

Ciao.

Giuseppe

0 Karma

rockb
Explorer

It is not a local firewall, as I cannot access with the firewall disabled.

0 Karma