Are you a member of the Splunk Community?
- Find Answers
- :
- Splunk Administration
- :
- Admin Other
- :
- Installation
- :
- What port should I use to connect to a private ser...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I want to connect the server which is in Azure (private network) to Splunk indexer server , which port should be opened in order to establish the connection?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
See port details here (including excellent diagram):
https://www.aplura.com/splunk-best-practices/
Carefully and consistently use Splunk’s listening ports, which bind to specific back-end processes. Some of these are referenced when Splunk starts. Generally speaking here are the standard ports, if they have not been altered:
tcp/8089 – splunkd – Splunk’s daemon port used for distributed search and deployment server.
tcp/8000 – splunkweb – Splunk’s web port used for web UI access.
tcp/8191 – kvstore – Splunk’s key value store.
tcp/9887 – Index cluster replication – Port commonly used to replicate Splunk data in index clustering environments. Note: This can be any permissible port, 9887 is just an example.
tcp/9997 – splunktcp listener – Port commonly used to send events from a Splunk forwarder to a Splunk listener (indexer or another forwarder). Note: This can be any permissible port, 9997 is just an example.
tcp/9998 – splunktcp SSL listener – Port commonly used to send events from a Splunk forwarder to a Splunk listener (indexer or another forwarder) using encryption. Note: This can be any permissible port, 9998 is just an example.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
See port details here (including excellent diagram):
https://www.aplura.com/splunk-best-practices/
Carefully and consistently use Splunk’s listening ports, which bind to specific back-end processes. Some of these are referenced when Splunk starts. Generally speaking here are the standard ports, if they have not been altered:
tcp/8089 – splunkd – Splunk’s daemon port used for distributed search and deployment server.
tcp/8000 – splunkweb – Splunk’s web port used for web UI access.
tcp/8191 – kvstore – Splunk’s key value store.
tcp/9887 – Index cluster replication – Port commonly used to replicate Splunk data in index clustering environments. Note: This can be any permissible port, 9887 is just an example.
tcp/9997 – splunktcp listener – Port commonly used to send events from a Splunk forwarder to a Splunk listener (indexer or another forwarder). Note: This can be any permissible port, 9997 is just an example.
tcp/9998 – splunktcp SSL listener – Port commonly used to send events from a Splunk forwarder to a Splunk listener (indexer or another forwarder) using encryption. Note: This can be any permissible port, 9998 is just an example.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Assuming that "the server which is in Azure" is actually a Splunk forwarder, your Splunk admin can tell you which TCP port she/he has configured to receive data on. The default port is 9997.
Observe and Secure All Apps with Splunk
What's New in Splunk Observability - August 2025
Introduction to Splunk AI
