I am having an odd issue. I have a Windows server in Azure which I have installed Splunk on and I can't get to the web UI.
I created it from the default template and I have deleted it and tried to recreate it.
I have made an NSG rule to allow port 8000 from my works public IP.
I have allowed port 8000 through the windows firewall.
I can get to the splunk web ui locally on the VM.
It is listening to 0.0.0.0:8000 and the other default splunk ports checked with netstat -ano
.
Things I have tried:
- Allow all traffic from my work IP to the VM.
- Bind the splunk server only to the 10.0.0.4 address.
- Disable the splunkd service and run an IIS site on port 8000. IIS works on port 80 but not port 8000.
- Applied the NSG to the subnet.
- Checked port with telnet and test-connection which got no response.
- Removed the IP restriction on the inbound NSG rules.
PS C:\Users\sreadmin> netstat -ant | findstr 80
TCP 0.0.0.0:80 0.0.0.0:0 LISTENING InHost
TCP 0.0.0.0:8000 0.0.0.0:0 LISTENING InHost
TCP 0.0.0.0:8089 0.0.0.0:0 LISTENING InHost
TCP 10.0.0.4:49719 168.63.129.16:80 ESTABLISHED InHost
TCP 10.0.0.4:49722 168.63.129.16:80 ESTABLISHED InHost
TCP 10.0.0.4:50179 168.63.129.16:80 TIME_WAIT InHost
TCP 127.0.0.1:8065 0.0.0.0:0 LISTENING InHost
TCP [::]:8000 [::]:0 LISTENING InHost
UDP [fe80::d481:9b75:f30d:9b31%5]:1900 *:*
UDP [fe80::d481:9b75:f30d:9b31%5]:61131 *:*
NSG rules I have done look like this:
100 | Port_8000 | 8000 | Any | 131.203.112.66/32 | Any | Allow | …
110 | Port_8089 | 8089 | Any | 131.203.112.66/32 | Any | Allow | …
150 | http | 80 | Any | 131.203.112.66/32 | Any | Allow | …
1000 | default-allow-rdp | 3389 | TCP | 131.203.112.66/32 | Any | Allow | …
Does anyone have an idea of what I am missing here, what I should look at to troubleshoot or how to test where the issue is?