Under what circumstances does the splunkd service need to be accesable by anyone/thing besides the http server?
The management port is used by all things that need to communicate TO the splunkd, excepting forwarders.
Essentially the management port is a request-response model communication path, implemented as REST over HTTP (historically SOAP was used in older products). Thus anything that is a request with a result occurs over the management port. Forwarding is a continuous stream and has its own protocol.
Things that will have to access the httpd.
management port is required for internal communication primarily between the splunk instances in short
We can change this if we require by editing the configuration files.
several other ports are 8000 web port 9997 - incoming port 8080 - replication port
Used by deployment clients as well. This is is specified in deploymentclient.conf with attribute 'targetUri'.
The management port is used by all things that need to communicate TO the splunkd, excepting forwarders.
Essentially the management port is a request-response model communication path, implemented as REST over HTTP (historically SOAP was used in older products). Thus anything that is a request with a result occurs over the management port. Forwarding is a continuous stream and has its own protocol.
Things that will have to access the httpd.
Unless I'm sorely mistaken, CLI communicates with splunkd
via the mgmt port.
yes, the CLI communicates with splunkd via the management port.