Deployment Architecture
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Network prerequisites Splunk Universal Forwarder

michaelteck
Explorer
‎03-18-2024 03:34 AM

Hello everyone, 

In my splunk journey, I've to make a documentation for the installation of the Universal Forwarder.
Ours Forwarders will be install VMs who are on a private network so we need some configuration on the network to let the Universal Forwarder to send data to the indexers splunk.
Ours indexers are install on another private network, we created a rule on the network to receive data on the port 9997 of the Splunk server.
I'm looking for network prerequisites before the installation of the fowarder.
What rules we have to create on the Forwarder's network ?
What port we have to open on the Forwarder's network ?
Do we need to create a specific flow for the Forwarder to send data to the indexers?
What protocol we have to setup on the Forwarder's network?

Thank for all who read me,

Labels (1)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

kiran_panchavat
Communicator
‎03-18-2024 11:09 AM

@michaelteck 

The Splunk Documentation has a page that discusses which ports need to be opened, and has diagrams for both standalone and distributed deployments: https://docs.splunk.com/Documentation/Splunk/latest/InheritedDeployment/Ports 

https://kinneygroup.com/blog/splunk-default-ports/ 

kiran_panchavat_0-1710785265231.png

 

kiran_panchavat_2-1710785322256.png

If my comment helps, please give it a thumbs up!

 
 

View solution in original post

Reply
Solved! Jump to solution
Solution

kiran_panchavat
Communicator
‎03-18-2024 11:09 AM

@michaelteck 

The Splunk Documentation has a page that discusses which ports need to be opened, and has diagrams for both standalone and distributed deployments: https://docs.splunk.com/Documentation/Splunk/latest/InheritedDeployment/Ports 

https://kinneygroup.com/blog/splunk-default-ports/ 

kiran_panchavat_0-1710785265231.png

 

kiran_panchavat_2-1710785322256.png

If my comment helps, please give it a thumbs up!

 
 
Reply
Solved! Jump to solution

isoutamo
SplunkTrust
SplunkTrust
‎03-18-2024 04:16 AM

Hi

here is network diagram which describes which ports and what directions should/must be open. https://www.aplura.com/assets/pdf/splunk_common_ports.pdf

r. Ismo

Reply
Get Updates on the Splunk Community!

More Ways To Control Your Costs With Archived Metrics | Register for Tech Talk

Tuesday, May 14, 2024  |  11AM PT / 2PM ET Register to Attend Join us for this Tech Talk and learn how to ...

.conf24 | Personalize your .conf experience with Learning Paths!

Personalize your .conf24 Experience Learning paths allow you to level up your skill sets and dive deeper ...

Threat Hunting Unlocked: How to Uplevel Your Threat Hunting With the PEAK Framework ...

WATCH NOWAs AI starts tackling low level alerts, it's more critical than ever to uplevel your threat hunting ...