Firewall ports between search head and app/index server

New Member


What ports need to be opened on firewall between search head and the app/index server?



Tags (1)
0 Karma


It depends what you all have configured - as you saying you "only" have a search head connection to index server I reckon, you open 8089.

Here a little list which may help:

Application  Port
-----------  ----
Splunk UI           8000
Distributed Search  8089
Forwarder/Receiver  9997

Further, you may have a look on your system what ports you listening to: netstat -a

Get Updates on the Splunk Community!

Announcing General Availability of Splunk Incident Intelligence!

Digital transformation is real! Across industries, companies big and small are going through rapid digital ...

Splunk Training for All: Meet Aspiring Cybersecurity Analyst, Marc Alicea

Splunk Education believes in the value of training and certification in today’s rapidly-changing data-driven ...

The Splunk Success Framework: Your Guide to Successful Splunk Implementations

Splunk Lantern is a customer success center that provides advice from Splunk experts on valuable data ...