Deployment Architecture

Is it possible to configure more than one management port on the deployment server?

Path Finder

Hello Splunkers,

is it possible to configure the deployment server's inputs.conf with more than one management port?

For example, on indexer side, it's possible configuring SSL connections with multiple ports:

[splunktcp-ssl:9997]

....

[splunktcp-ssl:9998]

etc.

Is that also possible on deployment server side configuration for the management port? e.g using port 8089 and 8090 for splunkd communication?

BR,

Tarek

0 Karma

Splunk Employee
Splunk Employee

I never used this attribute.
But, I've heard a couple of users reported this worked to have two splunkd management ports.
- server.conf.spec

[httpServerListener:<ip:><port>]
* Enable the splunkd REST HTTP server to listen on an additional port number
  specified by <port>.  If a non-empty <ip> is included (for example:
  "[httpServerListener:127.0.0.1:8090]") the listening port will be
  bound only to a specific interface.
* Multiple "httpServerListener" stanzas can be specified to listen on
  more ports.
* Normally, splunkd listens only on the single REST port specified in
  web.conf's "mgmtHostPort" setting, and none of these stanzas need to
  be present.  Add these stanzas only if you want the REST HTTP server
  to listen to more than one port.
0 Karma

Revered Legend

A Splunk instance can have only one management port and one splunk web port. The example that you gave of Indexers, is the receiver port which can be multiple to receive data from forwardres/third-party systems. The management port and web port are used for internal use.

What are the scenarios that you're testing on which might require two management port on deployment server? If you want to different deployment clients to connect on different port, may be setup two Splunk instance on that box, with two instance running on different web/management port and using same deployment-apps repository.

0 Karma

Influencer

I don't think splunk can do this, but in Linux you can use iptables to redirect 1 port to another. I use this all the time because I run Splunk as non-root, but like to keep 80 working.

#!/bin/sh

# get the main interface
int=$(netstat -nr | egrep -i "^0.0.0.0|^default" | awk '{print $8}')

# run iptables rule for port 80 -> 8000 (WEB GUI)
iptables -A PREROUTING -t nat -i $int -p tcp --dport 80 -j REDIRECT --to-port 8000

# and for port 443 -> 8089 (API)
iptables -A PREROUTING -t nat -i $int -p tcp --dport 443 -j REDIRECT --to-port 8089
0 Karma

SplunkTrust
SplunkTrust

Hi Tarek1977,
why you want to use two (or more) management ports?
I don't think that is possible and surely not recommended.
Bye.
Giuseppe

0 Karma

Path Finder

Hi Guiseppe,

thx for your answer. We're testinig some scenarios here, and I just want to know, if it's possible. In your opinion, it's not, but does that mean, it's impossible or just not recommended, but possible?

BR,

Tarek

0 Karma

SplunkTrust
SplunkTrust

Hi Tarek1977,
I don't think that is possible and surely not recommended.
Bye.
Giuseppe

0 Karma
State of Splunk Careers

Access the Splunk Careers Report to see real data that shows how Splunk mastery increases your value and job satisfaction.

Find out what your skills are worth!