Security

Port Documentation

dcsteve24
Explorer

We have a standalone install which has to follow specific guidance and documentation. Without getting much into things,  I need to document each port open and if certain ones don't already have a vulnerability assessment on file I need to generate a local report on what the port is for and how its utilized in the system(s).

My clients have splunk installed but don't tap into a lot of its power currently. Therefore I expect a lot of the extra ports can be turned off (at least for now) and save me a lot of paperwork.

This brings me to port 8065 and 8191.

8065, a local listening port that is tied to the splunk appserver. Problem is I can't find what Splunk is using this for exactly outside "app server".

  • If we don't utilize Splunk apps is this required? If we did what does this port provide and why would it be required?
  • When are calls made to it?
  • How would I turn it off in version 8 if I don't need it?

8191 is used for app kv store.

  • If apps are not utilized, can this be turned off?
  • If so how?
  • If apps are not utilized this seems like it wouldn't be required. 

 

Labels (1)
Tags (1)
0 Karma

jmartin_pro
Explorer

Hi! I know I'm late but I've always wondered this as well... From the Components and their relationship with the network section of the Inherit a Splunk Enterprise Deployment documentation, this is loopback communication, meaning you won't need to open any ports. Splunk is talking to the local KV Store database (mongod).

20240405_123937.pngIf I run an lsof for open ports, I see the following all occurring over the loopback interface (8065 shows a similar result, only showing Python as the listening service):

20240405_125005.png

 

0 Karma

isoutamo
SplunkTrust
SplunkTrust

Hi

splunk has published this too in docs, but I cannot found it now 😞

https://www.aplura.com/splunk-best-practices/ This doc contains also picture and explanations of those. 

r. Ismo

0 Karma
Get Updates on the Splunk Community!

Introducing the Splunk Community Dashboard Challenge!

Welcome to Splunk Community Dashboard Challenge! This is your chance to showcase your skills in creating ...

Get the T-shirt to Prove You Survived Splunk University Bootcamp

As if Splunk University, in Las Vegas, in-person, with three days of bootcamps and labs weren’t enough, now ...

Wondering How to Build Resiliency in the Cloud?

IT leaders are choosing Splunk Cloud as an ideal cloud transformation platform to drive business resilience,  ...