Installation

What port should I use to connect to a private server (Azure)?

saranyasubburaj
New Member

I want to connect the server which is in Azure (private network) to Splunk indexer server , which port should be opened in order to establish the connection?

Labels (1)
0 Karma
1 Solution

woodcock
Esteemed Legend

See port details here (including excellent diagram):
https://www.aplura.com/splunk-best-practices/

Carefully and consistently use Splunk’s listening ports, which bind to specific back-end processes. Some of these are referenced when Splunk starts. Generally speaking here are the standard ports, if they have not been altered:
tcp/8089 – splunkd – Splunk’s daemon port used for distributed search and deployment server.
tcp/8000 – splunkweb – Splunk’s web port used for web UI access.
tcp/8191 – kvstore – Splunk’s key value store.
tcp/9887 – Index cluster replication – Port commonly used to replicate Splunk data in index clustering environments. Note: This can be any permissible port, 9887 is just an example.
tcp/9997 – splunktcp listener – Port commonly used to send events from a Splunk forwarder to a Splunk listener (indexer or another forwarder). Note: This can be any permissible port, 9997 is just an example.
tcp/9998 – splunktcp SSL listener – Port commonly used to send events from a Splunk forwarder to a Splunk listener (indexer or another forwarder) using encryption. Note: This can be any permissible port, 9998 is just an example.

View solution in original post

woodcock
Esteemed Legend

See port details here (including excellent diagram):
https://www.aplura.com/splunk-best-practices/

Carefully and consistently use Splunk’s listening ports, which bind to specific back-end processes. Some of these are referenced when Splunk starts. Generally speaking here are the standard ports, if they have not been altered:
tcp/8089 – splunkd – Splunk’s daemon port used for distributed search and deployment server.
tcp/8000 – splunkweb – Splunk’s web port used for web UI access.
tcp/8191 – kvstore – Splunk’s key value store.
tcp/9887 – Index cluster replication – Port commonly used to replicate Splunk data in index clustering environments. Note: This can be any permissible port, 9887 is just an example.
tcp/9997 – splunktcp listener – Port commonly used to send events from a Splunk forwarder to a Splunk listener (indexer or another forwarder). Note: This can be any permissible port, 9997 is just an example.
tcp/9998 – splunktcp SSL listener – Port commonly used to send events from a Splunk forwarder to a Splunk listener (indexer or another forwarder) using encryption. Note: This can be any permissible port, 9998 is just an example.

s2_splunk
Splunk Employee
Splunk Employee

Assuming that "the server which is in Azure" is actually a Splunk forwarder, your Splunk admin can tell you which TCP port she/he has configured to receive data on. The default port is 9997.

More details

Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...