All Apps and Add-ons
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Limit DB Connect Query Seever to localhost

afx
Contributor
‎04-16-2020 12:08 AM

Hi,
after installing DB Connect and configuring it, I now have Java listening on all interfaces (Port 9999, 1090).
How can this be restricted to localhost?

thx
afx

Reply

spunk_enthusias
Path Finder
‎05-12-2023 05:13 AM

What a crazy oversight, right? This isn't just some authenticated port that you can't do anything with or something someone would ever actually normally connect to from the outside. No, this thing opens up a very direct tunnel into the java server to the whole network using the Splunk custom command protocol. What?!?!

Splunk has been negatively impressing me regarding everything surrounding custom search commands (the DB Connect commands are implemented as such) and DB Connect is an especially hard-to-predict-hard-to-debug example.

While I can't answer your question directly, I can tell you what didn't work for me. I was hoping that setting the vmopts option -Daddress=127.0.0.1 or -Dserver.address=127.0.0.1 would help, since that's what works for some Spring Boot applications (which I'm not sure DB Connect is, but it might be).

Perhaps firewalling would work or network namespaces/containerization.

0 Karma
Reply

SplunkingKnight
Explorer
‎09-22-2025 02:51 AM

Hello everyone,

this topic is a bit older, but still relevant. I have opened a support case regarding this issue and discussed this security-related misconfiguration with the support team and developers. The result is that DB Connect version 4.2 will introduce a bindHost parameter for the DB Connect query server port to bind it to localhost. In addition, consideration is being given to encrypting communication via the query server port using TLS in future versions.

Regards,
SplunkingKnight

Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

We are excited to announce that the upcoming releases of Splunk Enterprise 10.2.x and Splunk Cloud Platform ...

Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...

After a whole week of being on call, you fell asleep on your keyboard, and you hit a sequence of buttons that ...