Deployment Architecture

Is it possible to configure more than one management port on the deployment server?

Tarek1977
Path Finder

Hello Splunkers,

is it possible to configure the deployment server's inputs.conf with more than one management port?

For example, on indexer side, it's possible configuring SSL connections with multiple ports:

[splunktcp-ssl:9997]

....

[splunktcp-ssl:9998]

etc.

Is that also possible on deployment server side configuration for the management port? e.g using port 8089 and 8090 for splunkd communication?

BR,

Tarek

0 Karma

Masa
Splunk Employee
Splunk Employee

I never used this attribute.
But, I've heard a couple of users reported this worked to have two splunkd management ports.
- server.conf.spec

[httpServerListener:<ip:><port>]
* Enable the splunkd REST HTTP server to listen on an additional port number
  specified by <port>.  If a non-empty <ip> is included (for example:
  "[httpServerListener:127.0.0.1:8090]") the listening port will be
  bound only to a specific interface.
* Multiple "httpServerListener" stanzas can be specified to listen on
  more ports.
* Normally, splunkd listens only on the single REST port specified in
  web.conf's "mgmtHostPort" setting, and none of these stanzas need to
  be present.  Add these stanzas only if you want the REST HTTP server
  to listen to more than one port.
0 Karma

somesoni2
SplunkTrust
SplunkTrust

A Splunk instance can have only one management port and one splunk web port. The example that you gave of Indexers, is the receiver port which can be multiple to receive data from forwardres/third-party systems. The management port and web port are used for internal use.

What are the scenarios that you're testing on which might require two management port on deployment server? If you want to different deployment clients to connect on different port, may be setup two Splunk instance on that box, with two instance running on different web/management port and using same deployment-apps repository.

0 Karma

twinspop
Influencer

I don't think splunk can do this, but in Linux you can use iptables to redirect 1 port to another. I use this all the time because I run Splunk as non-root, but like to keep 80 working.

#!/bin/sh

# get the main interface
int=$(netstat -nr | egrep -i "^0.0.0.0|^default" | awk '{print $8}')

# run iptables rule for port 80 -> 8000 (WEB GUI)
iptables -A PREROUTING -t nat -i $int -p tcp --dport 80 -j REDIRECT --to-port 8000

# and for port 443 -> 8089 (API)
iptables -A PREROUTING -t nat -i $int -p tcp --dport 443 -j REDIRECT --to-port 8089
0 Karma

gcusello
SplunkTrust
SplunkTrust

Hi Tarek1977,
why you want to use two (or more) management ports?
I don't think that is possible and surely not recommended.
Bye.
Giuseppe

0 Karma

Tarek1977
Path Finder

Hi Guiseppe,

thx for your answer. We're testinig some scenarios here, and I just want to know, if it's possible. In your opinion, it's not, but does that mean, it's impossible or just not recommended, but possible?

BR,

Tarek

0 Karma

gcusello
SplunkTrust
SplunkTrust

Hi Tarek1977,
I don't think that is possible and surely not recommended.
Bye.
Giuseppe

0 Karma
Get Updates on the Splunk Community!

Adoption of RUM and APM at Splunk

    Unleash the power of Splunk Observability   Watch Now In this can't miss Tech Talk! The Splunk Growth ...

March Community Office Hours Security Series Uncovered!

Hello Splunk Community! In March, Splunk Community Office Hours spotlighted our fabulous Splunk Threat ...

Stay Connected: Your Guide to April Tech Talks, Office Hours, and Webinars!

Take a look below to explore our upcoming Community Office Hours, Tech Talks, and Webinars in April. This post ...