What are all the ports to be opened for Splunk?

dhamumarch03 · ‎07-27-2019

Hi,

Please let me know the ports to be open for splunk setup.
1. Ports to be open ON Universal Forwarder
2. Ports to be open on Heavy Forwarder
3. Ports to be open on Indexer & Indexer Cluster & Master
4. Ports to be open on Search Head & Deployer
5. Ports to be open on Deployment Server.

Please brief me.

//Dhamodaram

Ninjakart · ‎06-19-2023

List of ports need to open

Standalone/distributed
TCP/8089, TCP/8000, TCP/8065, TCP/8191,TCP/9997

Cluster env

SHC
TCP/8081, TCP/9887, TCP/8181

Indexer cluster

TCP/8080, TCP/9887

HF-> HEC

TCP/8088

please check below link
Components and their relationship with the network - Splunk Documentation

inventsekar · ‎07-31-2019

Re-arranging as per components
forwarders - 9997
heavy forwarders - 9997
indexers - 8089, 9997, 514, 8080
search heads - 8000, 8089 (8181 search Replication)
deployment server - 8089
deployer - 8089
license master - 8089
1433 DB Connector(to fetch data from databases to Splunk)
8088 http Event Collector

mohammedk01 · ‎07-28-2019

8000 Web (default for clients to the Splunk Search page)
8089 Management/Rest API & Distributed Search (default)
9997 Indexing Receiver( for forwarders to the Splunk indexer)
8181 Search replication
8080 Index replication
8191 KV store/replication
8088 http Event Collector
8065 Splunk App Server
514 Legacy syslog input(UDP/TCP)
1433 DB Connector(to fetch data from databases to Splunk)

richgalloway · ‎07-28-2019

This posting should answer your questions.

https://answers.splunk.com/answers/58888/what-are-the-ports-that-i-need-to-open.html

---
If this reply helps you, Karma would be appreciated.

What are all the ports to be opened for Splunk?

deployment server

heavy forwarder

indexer clustering

search head

universal forwarder

Introducing Splunk Enterprise 9.2

Adoption of RUM and APM at Splunk

Routing logs with Splunk OTel Collector for Kubernetes