Solved: Change Splunk management port for single Linux hos...

3amer92 · ‎09-03-2020

Hello!

I'm new to Splunk, and I would like to change the management port for only a single host from 8089 to 9089 due to a port conflict issue.

I have read that it can be done from Settings > Server settings > General settings. But from my understanding this way I will have to change the port on every host which is not what I want, I want to change it only on a single host that has the port conflict issue. if this is possible, it will appreciated to provide a detailed steps.

Thanks.

gcusello · ‎09-03-2020

Hi @3amer92,

if you're speking of a Universal Forwarder there isn't any problem!

as you can see at https://community.splunk.com/t5/Monitoring-Splunk/Change-splunkd-management-port-on-Universal-forwar...

You have to change the default splunk forwarder management port on UF:
In "$SPLUNK_HOME/etc/system/local", add the following file and contents:

web.conf with
[settings]
mgmtHostPort = 127.0.0.1:9089

and restart splunk.

It will be like this.
Splunk Server OR DS(ANY)->UF(9089)
UF(ANY)->DS(8089)

Ciao.

Giuseppe

View solution in original post

gcusello · ‎09-03-2020

Hi @3amer92,

if you change the 8089 port on a Splunk server, you have to change also the port in all the systems that call this server.

In other words: if you change the default port on a Deployment server, on all the deployment client you have to use ds_address:9089 and so on.

You have to analyze which connection you have on this server:

it's a Splunk server or a Universal Forwarder or an Heavy Forwarder?
it's a Deployment Server, a part of a cluster, a search peer, in other words, what's the role of this server?
what's your architecture?

8089 is a management port so it's used for management scopes.

Ciao.

Giuseppe

3amer92 · ‎09-03-2020

Hi @gcusello!

The server that I want to change the port on is a Linux server that has Splunk Universal Forwarder installed/running on it. And this Splunk Universal Forwarder is running on port 8089 which is causing a port conflict issue so I need to change this port for this server only, but I'm not sure how it can be done.

I hope this answers your question.

gcusello · ‎09-03-2020

Hi @3amer92,

if you're speking of a Universal Forwarder there isn't any problem!

as you can see at https://community.splunk.com/t5/Monitoring-Splunk/Change-splunkd-management-port-on-Universal-forwar...

You have to change the default splunk forwarder management port on UF:
In "$SPLUNK_HOME/etc/system/local", add the following file and contents:

web.conf with
[settings]
mgmtHostPort = 127.0.0.1:9089

and restart splunk.

It will be like this.
Splunk Server OR DS(ANY)->UF(9089)
UF(ANY)->DS(8089)

Ciao.

Giuseppe

gcusello · ‎09-03-2020

Hi @3amer92,

good and happy splunking.

Ciao.

Giuseppe

P.S.: Karma Points are appreciated by all contributors 😉

3amer92 · ‎09-03-2020

Hi @gcusello ,

So that's it? do I need to change anything on Splunk Enterprise server (DS)?

isoutamo · ‎09-03-2020

Yes that’s it. No need to update anything on DS side as UF is initiating the connection.
r. Ismo

Change Splunk management port for single Linux host

Linux

universal forwarder

Introducing the 2024 SplunkTrust!

Introducing the 2024 Splunk MVPs!

Splunk Custom Visualizations App End of Life