All Apps and Add-ons
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Limit DB Connect Query Seever to localhost

afx
Contributor
‎04-16-2020 12:08 AM

Hi,
after installing DB Connect and configuring it, I now have Java listening on all interfaces (Port 9999, 1090).
How can this be restricted to localhost?

thx
afx

Reply

spunk_enthusias
Path Finder
‎05-12-2023 05:13 AM

What a crazy oversight, right? This isn't just some authenticated port that you can't do anything with or something someone would ever actually normally connect to from the outside. No, this thing opens up a very direct tunnel into the java server to the whole network using the Splunk custom command protocol. What?!?!

Splunk has been negatively impressing me regarding everything surrounding custom search commands (the DB Connect commands are implemented as such) and DB Connect is an especially hard-to-predict-hard-to-debug example.

While I can't answer your question directly, I can tell you what didn't work for me. I was hoping that setting the vmopts option -Daddress=127.0.0.1 or -Dserver.address=127.0.0.1 would help, since that's what works for some Spring Boot applications (which I'm not sure DB Connect is, but it might be).

Perhaps firewalling would work or network namespaces/containerization.

0 Karma
Reply

SplunkingKnight
Explorer
‎09-22-2025 02:51 AM

Hello everyone,

this topic is a bit older, but still relevant. I have opened a support case regarding this issue and discussed this security-related misconfiguration with the support team and developers. The result is that DB Connect version 4.2 will introduce a bindHost parameter for the DB Connect query server port to bind it to localhost. In addition, consideration is being given to encrypting communication via the query server port using TLS in future versions.

Regards,
SplunkingKnight

Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas     Cisco Live 2026 is almost here, and this ...

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Hello Splunkers,   So you searched, “what is the name of the usb key inserted by bob smith?”  Not gonna lie… ...

Automating Threat Operations and Threat Hunting with Recorded Future

    Automating Threat Operations and Threat Hunting with Recorded Future June 29, 2026 | Register   Is your ...