Tuesday, October 6, 2015

Splunk Common Network Ports - Reference

Splunk Common Ports 

This is a diagram of Splunk components and network ports that are commonly used in a Splunk Enterprise environment. Firewall rules often need to be updated to allow communication on ports 8000, 8089, 9997, 8080 and 514.

UFs ---9997---> HF --- 9997---> Indexers
UFs, Indexers, SHs ---8089 ---> DS

Splunk Web Port: 8000

Splunk Management Port: 8089

Splunk Indexing Port: 9997

Splunk Index Replication Port 8080

Splunk network port: 514 (Used to get data in from netwok port i.e. UDP data)

How to change default port numbers in splunk?

There may be certain conditions where you may need to change default port numbers used.Most of the case due to security reasons OR if other service is using the port then You can change the default values by following below steps:

Using Splunk WebTo change the ports from their installation settings:

1. Log into Splunk Web as the admin user.
2. Click Manager in the top-right of the interface.
3. Click the System settings link in the System section of the screen.
4. Click General settings.
5. Change the value for either Management port or Web port, and click Save.
Using Splunk CLITo change the port settings via the Splunk CLI, use the CLI command set.

For example, this command sets the Splunk Web port to 9000:

splunk set web-port 9000

This command sets the splunkd port to 9089:

splunk set splunkd-port 9089