Solved: Change splunkd management port on Universal forwar...

skrish91 · ‎03-04-2019

I would like to change the splunk management port from 8089 to some higher port say 9089. What is the best way to do this? Should i use the Splunk CLI or change it using web.conf file? Also I am using a deployment server to manage the UF. Should I change the port on deployment server as well?

HiroshiSatoh · ‎03-04-2019

Here is the way to change the default splunk forwarder management port:
In "/etc/system/local", add the following file and contents:

web.conf with
[settings]
mgmtHostPort = 127.0.0.1:9089

and restart splunk.

It will be like this.
Splunk Server OR DS(ANY)->UF(9089)
UF(ANY)->DS(8089)

View solution in original post

damann · ‎03-04-2019

Otherwise you can change splunkd port via Web UI or by CLI as mentioned in this answer:
https://answers.splunk.com/answers/67/how-do-i-change-the-ports-that-splunk-listens-on.html

NOTE: The way you change Management Port by Web UI has changed:
- Log in as Admin
- Go to Settings
- Go to Server settings
- Look for Management port and change it
- Save your work!

HiroshiSatoh · ‎03-04-2019

Here is the way to change the default splunk forwarder management port:
In "/etc/system/local", add the following file and contents:

web.conf with
[settings]
mgmtHostPort = 127.0.0.1:9089

and restart splunk.

It will be like this.
Splunk Server OR DS(ANY)->UF(9089)
UF(ANY)->DS(8089)

skrish91 · ‎03-04-2019

Ok so we dont need to change anything in deployment server right?

Change splunkd management port on Universal forwarder

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

They're back! Join the SplunkTrust and MVP at .conf24

Enterprise Security Content Update (ESCU) | New Releases