Deployment Architecture

What are all the ports to be opened for Splunk?

dhamumarch03
New Member

Hi,

Please let me know the ports to be open for splunk setup.
1. Ports to be open ON Universal Forwarder
2. Ports to be open on Heavy Forwarder
3. Ports to be open on Indexer & Indexer Cluster & Master
4. Ports to be open on Search Head & Deployer
5. Ports to be open on Deployment Server.

Please brief me.

//Dhamodaram

Tags (2)
0 Karma

Ninjakart
Explorer

List of ports need to open

Standalone/distributed
TCP/8089, TCP/8000, TCP/8065, TCP/8191,TCP/9997

Cluster env

SHC
TCP/8081, TCP/9887, TCP/8181

Indexer cluster

TCP/8080, TCP/9887

HF-> HEC

TCP/8088

please check below link
Components and their relationship with the network - Splunk Documentation

 

 

0 Karma

inventsekar
SplunkTrust
SplunkTrust

Re-arranging as per components
forwarders - 9997
heavy forwarders - 9997
indexers - 8089, 9997, 514, 8080
search heads - 8000, 8089 (8181 search Replication)
deployment server - 8089
deployer - 8089
license master - 8089
1433 DB Connector(to fetch data from databases to Splunk)
8088 http Event Collector

mohammedk01
Explorer

8000 Web (default for clients to the Splunk Search page)
8089 Management/Rest API & Distributed Search (default)
9997 Indexing Receiver( for forwarders to the Splunk indexer)
8181 Search replication
8080 Index replication
8191 KV store/replication
8088 http Event Collector
8065 Splunk App Server
514 Legacy syslog input(UDP/TCP)
1433 DB Connector(to fetch data from databases to Splunk)

0 Karma

richgalloway
SplunkTrust
SplunkTrust

This posting should answer your questions.

https://answers.splunk.com/answers/58888/what-are-the-ports-that-i-need-to-open.html

---
If this reply helps you, Karma would be appreciated.
0 Karma
Get Updates on the Splunk Community!

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

You’ve probably heard the latest about AppDynamics joining the Splunk Observability portfolio, deepening our ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

As we’ve seen, integrating Kubernetes environments with Splunk Observability Cloud is a quick and easy way to ...

Cloud Platform & Enterprise: Classic Dashboard Export Feature Deprecation

As of Splunk Cloud Platform 9.3.2408 and Splunk Enterprise 9.4, classic dashboard export features are now ...