Hey Answers,
I'm looking at deploying Stream in a highly secure environment for collection. I plan on having a dual-purpose deployment server, Stream search head on premise for Stream management, although the data will be forwarded to SplunkCloud.
What ports do I need opened to manage Stream, and in what directions? The docs diagram found here is a little confusing:
https://docs.splunk.com/Documentation/StreamApp/7.1.2/DeployStreamApp/DeploymentArchitecture
It shows that the streamfwd will initiate a connection to the SH w/ Stream App and a second connection will be initiated from the SH to the streamfwd.
Are these actually TWO separate connections and do I need a rule allowing TCP/8000 in both directions? Or;
Are these actually a single connection from the UF similar to how the Deployment Server works?
Thanks!
There's a single connection between the streamfwd and the SH on TCP/8000, initiated by the streamfwd.