Deployment Architecture

Is it possible to configure more than one management port on the deployment server?

Tarek1977
Path Finder

Hello Splunkers,

is it possible to configure the deployment server's inputs.conf with more than one management port?

For example, on indexer side, it's possible configuring SSL connections with multiple ports:

[splunktcp-ssl:9997]

....

[splunktcp-ssl:9998]

etc.

Is that also possible on deployment server side configuration for the management port? e.g using port 8089 and 8090 for splunkd communication?

BR,

Tarek

0 Karma

Masa
Splunk Employee
Splunk Employee

I never used this attribute.
But, I've heard a couple of users reported this worked to have two splunkd management ports.
- server.conf.spec

[httpServerListener:<ip:><port>]
* Enable the splunkd REST HTTP server to listen on an additional port number
  specified by <port>.  If a non-empty <ip> is included (for example:
  "[httpServerListener:127.0.0.1:8090]") the listening port will be
  bound only to a specific interface.
* Multiple "httpServerListener" stanzas can be specified to listen on
  more ports.
* Normally, splunkd listens only on the single REST port specified in
  web.conf's "mgmtHostPort" setting, and none of these stanzas need to
  be present.  Add these stanzas only if you want the REST HTTP server
  to listen to more than one port.
0 Karma

somesoni2
Revered Legend

A Splunk instance can have only one management port and one splunk web port. The example that you gave of Indexers, is the receiver port which can be multiple to receive data from forwardres/third-party systems. The management port and web port are used for internal use.

What are the scenarios that you're testing on which might require two management port on deployment server? If you want to different deployment clients to connect on different port, may be setup two Splunk instance on that box, with two instance running on different web/management port and using same deployment-apps repository.

0 Karma

twinspop
Influencer

I don't think splunk can do this, but in Linux you can use iptables to redirect 1 port to another. I use this all the time because I run Splunk as non-root, but like to keep 80 working.

#!/bin/sh

# get the main interface
int=$(netstat -nr | egrep -i "^0.0.0.0|^default" | awk '{print $8}')

# run iptables rule for port 80 -> 8000 (WEB GUI)
iptables -A PREROUTING -t nat -i $int -p tcp --dport 80 -j REDIRECT --to-port 8000

# and for port 443 -> 8089 (API)
iptables -A PREROUTING -t nat -i $int -p tcp --dport 443 -j REDIRECT --to-port 8089
0 Karma

gcusello
Esteemed Legend

Hi Tarek1977,
why you want to use two (or more) management ports?
I don't think that is possible and surely not recommended.
Bye.
Giuseppe

0 Karma

Tarek1977
Path Finder

Hi Guiseppe,

thx for your answer. We're testinig some scenarios here, and I just want to know, if it's possible. In your opinion, it's not, but does that mean, it's impossible or just not recommended, but possible?

BR,

Tarek

0 Karma

gcusello
Esteemed Legend

Hi Tarek1977,
I don't think that is possible and surely not recommended.
Bye.
Giuseppe

0 Karma
Get Updates on the Splunk Community!

The Splunk Success Framework: Your Guide to Successful Splunk Implementations

Splunk Lantern is a customer success center that provides advice from Splunk experts on valuable data ...

Splunk Training for All: Meet Aspiring Cybersecurity Analyst, Marc Alicea

Splunk Education believes in the value of training and certification in today’s rapidly-changing data-driven ...

Investigate Security and Threat Detection with VirusTotal and Splunk Integration

As security threats and their complexities surge, security analysts deal with increased challenges and ...