Security

How do I bind Splunk to a specific interface?

matt
Splunk Employee
Splunk Employee

I want to Splunk to listen on a specific interface not 0.0.0.0. How do I do this?

1 Solution

jrodman
Splunk Employee
Splunk Employee

You can set SPLUNK_BINDIP in etc/splunk-launch.conf, eg

SPLUNK_BINDIP=127.0.0.1

The address must be an address that the host actually has, for useful results.

View solution in original post

ddarmand
Communicator

Does this working anymore ? i can't find this conf file

0 Karma

aafogles
Explorer

Works okay at face value, but it seems to break Splunk Web, since the Web Server apparently still looks for the loopback IP (127.0.0.1) for management (8089). Not sure what other features using this setting might break.
Edited Looked more into the documentation. If you intend on using Web, ensure you configure web.conf to use the specified IP. See https://docs.splunk.com/Documentation/Splunk/6.5.2/Admin/BindSplunktoanIP for details

0 Karma

MikeKulls
Path Finder

And yes it still works as of v6.1

0 Karma

MikeKulls
Path Finder

/opt/splunk/etc/splunk-launch.conf

0 Karma

jrodman
Splunk Employee
Splunk Employee

You can set SPLUNK_BINDIP in etc/splunk-launch.conf, eg

SPLUNK_BINDIP=127.0.0.1

The address must be an address that the host actually has, for useful results.

jrodman
Splunk Employee
Splunk Employee

Probably not. I'm not aware of any ability to do so.

0 Karma

balbano
Contributor

can you bind more than one IP?

0 Karma
Get Updates on the Splunk Community!

.conf24 | Day 0

Hello Splunk Community! My name is Chris, and I'm based in Canberra, Australia's capital, and I travelled for ...

Enhance Security Visibility with Splunk Enterprise Security 7.1 through Threat ...

 (view in My Videos)Struggling with alert fatigue, lack of context, and prioritization around security ...

Troubleshooting the OpenTelemetry Collector

  In this tech talk, you’ll learn how to troubleshoot the OpenTelemetry collector - from checking the ...