Reporting

Used Forwarder Ports

RobertRi
Communicator

Hi

I would like to install a forwarder behind a firewall.
It should be a normal forwarder not a lightweight forwarder to collect some data and forward that data to the indexer.

If I'm right then the only port to open is TCP 9997.

The other ports splunk uses are
web TCP 8000 and management TCP 8089

Is this right or are there other ports too which splunk use ?

Thanks
Robert

Tags (1)
0 Karma
1 Solution

Ayn
Legend

That is correct.

8000 - Web interface

8089 - Splunkd

9997 - Receiving port for forwarded events

You likely won't need to be able to access the Splunkd port from your forwarders unless you're setting up deployment client/servers. Similarly the web interface doesn't have to be accessible from the forwarders. The only port you need to be able to access for that purpose is 9997.

View solution in original post

Ayn
Legend

That is correct.

8000 - Web interface

8089 - Splunkd

9997 - Receiving port for forwarded events

You likely won't need to be able to access the Splunkd port from your forwarders unless you're setting up deployment client/servers. Similarly the web interface doesn't have to be accessible from the forwarders. The only port you need to be able to access for that purpose is 9997.

Get Updates on the Splunk Community!

Happy CX Day to our Community Superheroes!

Happy 10th Birthday CX Day!What is CX Day? It’s a global celebration recognizing innovation and success in the ...

Check out This Month’s Brand new Splunk Lantern Articles

Splunk Lantern is a customer success center providing advice from Splunk experts on valuable data insights, ...

Routing Data to Different Splunk Indexes in the OpenTelemetry Collector

This blog post is part of an ongoing series on OpenTelemetry. The OpenTelemetry project is the second largest ...