Installation

Splunk Enterprise installation does not give details about which ports to open?

jnilsson
Explorer

Hello,

 

I'm following the steps here:

https://docs.splunk.com/Documentation/Splunk/9.0.1/Installation/InstallonLinux#Next_steps

After installing and starting the service, I'm of course unable to access port 8000 to access the web interface because the system firewall is blocking connections. Besides port 8000, what other ports should I open through the firewall and why isn't this documented on the above page?

If anyone has a link to Splunk documentation about the ports used, please let me know. I've seen lots of Splunk community answers showing different ports, but others say they are user-defined. Like port 9997 for the forwarder to send data to the Splunk server... I haven't configured that yet (it wasn't in the above documentation).

I see that my Splunk server is currently listening on ports 8000, 8089, and 8191, according to the output of "sudo ss -tunlp":

tcp LISTEN 0 128 0.0.0.0:8089 0.0.0.0:* users:(("splunkd",pid=1806,fd=4))
tcp LISTEN 0 128 0.0.0.0:8191 0.0.0.0:* users:(("mongod",pid=2285,fd=9))
tcp LISTEN 0 128 0.0.0.0:8000 0.0.0.0:* users:(("splunkd",pid=1806,fd=100))

I tried opening a support case, but apparently I can't do that either. I'm really not sure where to ask this question, or who to ask in order to get the installation documentation updated.

If I should post this somewhere else, please let me know.

Thank you,

Jonathan


jnilsson
Explorer

Thank you! I've added just port 8000 for now, since it seems like everything else will be added later and configured separately. It doesn't seem like anything else is immediately needed. But I ran into the next undocumented problem right away: my browser, Chrome, enforces https (I can't even go to http://myhost:8000) and apparently Splunk doesn't use https? I'm getting "ERR_SSL_PROTOCOL_ERROR". But I can't find any documentation about how to set up SSL (ideally a self-signed certificate to start, and then import a signed certificate at a later date).

Thanks for the tip about leaving feedback about the documentation.

For other users: I didn't notice before, but there is a "Was this topic useful?" link at the bottom of the documentation page where you can submit an email address and free-form feedback. I'm doing this now.


richgalloway
SplunkTrust

Using SSL for the web interface is documented, but can be tricky to find.  Just set enableSplunkWebSSL = true in $SPLUNK_HOME/etc/system/local/web.conf.  See https://docs.splunk.com/Documentation/Splunk/9.0.1/Security/Turnonbasicencryptionusingweb.conf for details.

If you don't have a file called $SPLUNK_HOME/etc/system/local/web.conf (which you may not on a new installation), then create it and copy the lines from the docs into the file.

Restart Splunk for the changes to take effect.

---
If this reply helps you, Karma would be appreciated.

richgalloway
SplunkTrust

This is where Splunk documentation is found to be wanting.  One reason may be to avoid confusion since there are many possible ports Splunk could use, but very few necessary to get started.  And, as you've learned, they're all configurable so the documentation would only be a guideline.

See this answer https://community.splunk.com/t5/Getting-Data-In/What-are-the-ports-that-I-need-to-open/m-p/62934 for the basics.

Submit feedback on the documentation to let Splunk know you couldn't find the information you needed.

Here are some other ports I've collected over time.

Port  Purpose
8000  GUI
8080  Indexer replication
8088  HEC
8089  Management
8191  App Key Value Store
9200  SHC replication
9997  Receive forwarded data

---
If this reply helps you, Karma would be appreciated.
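
An added example, not part of either poster's replies or of Splunk's documentation: a shell function that labels each listener in "ss -tunlp" output with the default role from the port list above and reports whether it is bound to all interfaces, which is the check to make before deciding what to open in the firewall. The function name classify_listeners and the SAMPLE_SS variable are illustrative, and because the ports are configurable the role labels are only a guideline.

```shell
#!/bin/sh
# Added example: label Splunk listeners from `ss -tunlp` output using the
# default port roles listed in this thread (ports are configurable, so the
# role column is a guideline, not an authoritative mapping).

# Constructed sample input: the three listener lines quoted in the question.
SAMPLE_SS='tcp LISTEN 0 128 0.0.0.0:8089 0.0.0.0:* users:(("splunkd",pid=1806,fd=4))
tcp LISTEN 0 128 0.0.0.0:8191 0.0.0.0:* users:(("mongod",pid=2285,fd=9))
tcp LISTEN 0 128 0.0.0.0:8000 0.0.0.0:* users:(("splunkd",pid=1806,fd=100))'

# classify_listeners: reads `ss -tunlp` lines on stdin and prints
# "port process scope role" for each listening TCP socket, sorted by port.
classify_listeners() {
  awk '
    BEGIN {
      role[8000] = "GUI";                 role[8080] = "Indexer replication"
      role[8088] = "HEC";                 role[8089] = "Management"
      role[8191] = "App Key Value Store"; role[9200] = "SHC replication"
      role[9997] = "Receive forwarded data"
    }
    $1 == "tcp" && $2 == "LISTEN" {
      # Field 5 is the local address, e.g. 0.0.0.0:8089 or [::]:8089.
      n = split($5, parts, ":")
      port = parts[n]
      addr = substr($5, 1, length($5) - length(port) - 1)

      scope = "specific"
      if (addr == "0.0.0.0" || addr == "*" || addr == "[::]") scope = "all-interfaces"
      if (addr ~ /^127\./ || addr == "[::1]") scope = "loopback"

      # Process name is the first quoted string inside users:(("name",...)).
      proc = "unknown"
      if (match($0, /\(\("[^"]+"/)) proc = substr($0, RSTART + 3, RLENGTH - 4)

      r = (port in role) ? role[port] : "not in the thread list"
      printf "%s %s %s %s\n", port, proc, scope, r
    }' | sort -n
}

# Run against the constructed sample.
printf '%s\n' "$SAMPLE_SS" | classify_listeners
```

To check a live host, pipe the real output in with: sudo ss -tunlp | classify_listeners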