Getting Data In

What port number do deployment servers use to communicate with the forwarder?

kteng2024
Path Finder

Hi,

I can ping Telnet 8089 from forwarder to deployment server, but when I push the app from deployment server, it is not reflected in the forwarder (serverclass is correctly configured). Can I please know:
1. How do you troubleshoot this kind of issue?
2. What port number do deployment servers use to communicate with the forwarder?

0 Karma

woodcock
Esteemed Legend

If you are on the DC and sitting in any directory of the app waiting to see a file change, you never will because the DC will rename the app that you are in, create a new app from the DS and do some merging before deleting the old/renamed app. You have to sit in some other directory and do cat $SPLUNK_HOME/etc/apps/<your app name here>/*/<your conf file here>,conf to test/watch for the change to pull down.

0 Karma

FrankVl
Ultra Champion

Do you see the respective forwarder reporting into the deployment server, when you go to settings -> forwarder management on the web gui of the deployment server?

What does splunkd.log say on the forwarder about its attempts to connect to the deployment server?

If you need further help troubleshooting, please also at least share the relevant part of the serverclass configuration. (maybe best to just open a new question for that)

0 Karma

woodcock
Esteemed Legend

None. The DS does not initiate communication with DCs; it is always the other way around. The default port that DCs use is 8089 but it is not uncommon to change this.

rafamss
Contributor

Hi @kteng2024,

This answer is easily resolved with this other response: https://answers.splunk.com/answers/118859/diagram-of-splunk-common-network-ports.html

[ ]s
RM

0 Karma

lycollicott
Motivator

Port 8089 traffic should be bidirectional, so check that you can telnet to 8089 from the deployment server to the forwarder.

woodcock
Esteemed Legend

You are incorrect. The DS NEVER initiates.

0 Karma

splunk_zen
Builder

I downvoted this post because this is incorrect. a uf does a pull from the ds and doesn't require port 8089 open. the uf 8089 listening admin port can be disabled

Get Updates on the Splunk Community!

Take Your Breath Away with Splunk Risk-Based Alerting (RBA)

WATCH NOW!The Splunk Guide to Risk-Based Alerting is here to empower your SOC like never before. Join Haylee ...

SignalFlow: What? Why? How?

What is SignalFlow? Splunk Observability Cloud’s analytics engine, SignalFlow, opens up a world of in-depth ...

Federated Search for Amazon S3 | Key Use Cases to Streamline Compliance Workflows

Modern business operations are supported by data compliance. As regulations evolve, organizations must ...