0

I signed up for a Udemy course on Splunk. I got through to the lecture on setting up an AWS instance of Splunk.

Amazon says, "Get the IP of your instance, append :8000" and dump it in a web browser to access your Splunk admin panel. The instructor says the same thing. For him, it appears to work as advertised. Despite me following his instructions verbatim four times it doesn't work for me, despite the video showing his instructions working.

Here's my EC2 Management Console:

enter image description here

Here are the instructions:

enter image description here

When I dump in my IP appended with :8000 into a browser instance (ex: 123.456.789.1:8000 it times out despite the Amazon Management Console saying it's running with a public DNS entry and an IP address.

I tried pinging the DNS entry and the IP address and there's no response.

Two questions:

  1. How did I muck up?
  2. How do I fix it?
Tim
  • 31,888
  • 7
  • 52
  • 78
Adrian
  • 101
  • 2

1 Answers1

0

Amazon's instructions are inaccurate:

enter image description here

Despite AWS' instructions saying the requisite ports were opened for the default security group, which I was using, they weren't. Here's how I resolved the issue:

  1. On the left-hand side of the screen, I went to the "Security Groups" tab.

  2. Under the Group Name for default Security Group, I clicked "Actions"/"Add new inbound rule" and added a custom TCP rule for Port Range 8000 with the Source being my WAN-side IP address.

Adrian
  • 101
  • 2
  • The image of the instructions you posted clearly shows to open the ports in your security group. – joeqwerty Oct 14 '18 at 15:13
  • @joeqwerty It says they were opened. They weren't. – Adrian Oct 14 '18 at 15:21
  • 1
    Security groups was going to be my first guess. You're correct that the AWS instructions were wrong saying that the security group had been opened. I don't think AWS will ever change your security groups for you as they're pretty big on security and that action would weaken it. – Tim Oct 14 '18 at 19:06