I have Splunk installed on a machine running Windows 10 that is compliant with all Windows 10 STIGs. I can access Splunk from that machine but no others. I can ping the Splunk box from other machines.
I have tried disabling the firewall but the symptoms persist.
I figure it is a setting associated with a STIG and am hoping someone here has run into this before and remembers what it is.
Presumably if you run 'netstat -ano' it shows the Splunk service listening on port 8000, otherwise you wouldn't be able to connect on the local machine.
Have you tried serving any other application to check if external hosts can connect (something not on port 8000 obviously).
As already stated, I don't think ping is relevant as even with the Windows firewall enabled, ICMP isn't disabled.
Can you clarify how your 'STIG' compliant OS is different to standard Windows 10? If you're wanting the most secure machine to host Splunk Enterprise, wouldn't you just go with Server 2019 or Linux (I realise that's an entirely separate topic, but we don't know what security features you've added to Windows 10 for the STIG compliance, so it's difficult to advise what might be blocking traffic).
Hi @rockb,
ping isn't relevant, did you tried to check the connection with telnet?
telnet <ip_splunk_server> 8000
i you haven't, intall it for test.
if you cannot, there's a firewall route problem: it could be an intermediate or a local firewall issue.
If you can, there's something other
Which browser are you using? don't use Edge or Explorer.
Ciao.
Giuseppe
Unable to connect via Telnet on 8000.
I temporarily disabled the firewall and was still unable to connect via Telnet on 8000.
Hi @rockb,
did you checked both local and intermediate firewalls?
telenet on the port not working means that you canno reach the host on that port.
Ciao.
Giuseppe
They are both plugged into the same switch (SOHO router). No intermediate firewalls.
Hi @rockb
as I said, telnet on 8000 port not working meand that there's something blocking the connection, maybe a local firewall.
did you enabled https or not?
how do you locally access?
Ciao.
Giuseppe
it is not a local firewall as I cannot access with the firewall disabled.