Installation
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

What port should I use to connect to a private server (Azure)?

saranyasubburaj
New Member
‎08-29-2017 08:24 AM

I want to connect the server which is in Azure (private network) to Splunk indexer server , which port should be opened in order to establish the connection?

Labels (1)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

woodcock
Esteemed Legend
‎09-10-2017 08:15 PM

See port details here (including excellent diagram):
https://www.aplura.com/splunk-best-practices/

Carefully and consistently use Splunk’s listening ports, which bind to specific back-end processes. Some of these are referenced when Splunk starts. Generally speaking here are the standard ports, if they have not been altered:
tcp/8089 – splunkd – Splunk’s daemon port used for distributed search and deployment server.
tcp/8000 – splunkweb – Splunk’s web port used for web UI access.
tcp/8191 – kvstore – Splunk’s key value store.
tcp/9887 – Index cluster replication – Port commonly used to replicate Splunk data in index clustering environments. Note: This can be any permissible port, 9887 is just an example.
tcp/9997 – splunktcp listener – Port commonly used to send events from a Splunk forwarder to a Splunk listener (indexer or another forwarder). Note: This can be any permissible port, 9997 is just an example.
tcp/9998 – splunktcp SSL listener – Port commonly used to send events from a Splunk forwarder to a Splunk listener (indexer or another forwarder) using encryption. Note: This can be any permissible port, 9998 is just an example.

View solution in original post

Reply
Solved! Jump to solution
Solution

woodcock
Esteemed Legend
‎09-10-2017 08:15 PM

See port details here (including excellent diagram):
https://www.aplura.com/splunk-best-practices/

Carefully and consistently use Splunk’s listening ports, which bind to specific back-end processes. Some of these are referenced when Splunk starts. Generally speaking here are the standard ports, if they have not been altered:
tcp/8089 – splunkd – Splunk’s daemon port used for distributed search and deployment server.
tcp/8000 – splunkweb – Splunk’s web port used for web UI access.
tcp/8191 – kvstore – Splunk’s key value store.
tcp/9887 – Index cluster replication – Port commonly used to replicate Splunk data in index clustering environments. Note: This can be any permissible port, 9887 is just an example.
tcp/9997 – splunktcp listener – Port commonly used to send events from a Splunk forwarder to a Splunk listener (indexer or another forwarder). Note: This can be any permissible port, 9997 is just an example.
tcp/9998 – splunktcp SSL listener – Port commonly used to send events from a Splunk forwarder to a Splunk listener (indexer or another forwarder) using encryption. Note: This can be any permissible port, 9998 is just an example.

Reply
Solved! Jump to solution

s2_splunk
Splunk Employee
Splunk Employee
‎08-29-2017 10:00 AM

Assuming that "the server which is in Azure" is actually a Splunk forwarder, your Splunk admin can tell you which TCP port she/he has configured to receive data on. The default port is 9997.

More details

Reply
Get Updates on the Splunk Community!

.conf24 | Day 0

Hello Splunk Community! My name is Chris, and I'm based in Canberra, Australia's capital, and I travelled for ...

Enhance Security Visibility with Splunk Enterprise Security 7.1 through Threat ...

(view in My Videos)Struggling with alert fatigue, lack of context, and prioritization around security ...

Troubleshooting the OpenTelemetry Collector

  In this tech talk, you’ll learn how to troubleshoot the OpenTelemetry collector - from checking the ...