Splunk Enterprise

Splunk Universal forwarder management port is closed

eduardo1989
Path Finder

Hi All,

I updated Splunk Universal forwarder from 8.2.6 to 9.1.3 on a Debian host. No specific configuration basically, everything by default. I would like to use the REST capabilities which I already used with the older version, but this time the port is not listening; however, startup says it's listening.
Checking mgmt port [8089]: open
Netstat shows no 8089 as well.
Host has no firewall, no bulls**t, just pure playground and as I said older version worked perfectly.
What can be the problem, another bug in the software?

0 Karma

richgalloway
SplunkTrust

The report at startup indicates port 8089 is not in use by any process (it's "open" for use).  It does not mean Splunk is listening on that port (at least not yet).

Version 9.0 changed the default behavior of the UF's management port.  See the Release Notes at https://docs.splunk.com/Documentation/Splunk/9.0.8/ReleaseNotes/MeetSplunk#What.27s_New_in_9.0

---
If this reply helps you, Karma would be appreciated.
0 Karma

ww9rivers
Contributor

I am having the same issue. I have also checked the Release Notes you linked. I already have those items configured:

$ bin/splunk btool web list | grep mgmtHostPort
mgmtHostPort = 0.0.0.0:8089
$ bin/splunk btool server list | grep disableDefaultPort
disableDefaultPort = false

But still, I don't see splunkd listening on port 8089:
$ sudo lsof -i tcp -P | grep 8089

(I get nothing.)

The Universal Forwarder is v9.2.1 on Red Hat Enterprise Linux 8.9.

0 Karma

eduardo1989
Path Finder

The thing is it does not listen at all on Linux after the mentioned version. On Windows I could check and it works as defined. As it is written, by default it is limited to localhost.

Anyways thanks for this info.

0 Karma

richgalloway
SplunkTrust

What you described is the new default behavior.

---
If this reply helps you, Karma would be appreciated.

edmondpalcsarbi
Engager

Yes, in the meantime it turned out the default way is to listen on a UNIX Domain Socket and I need to switch with config back to the TCP method. 🙂

0 Karma

patelmc19
Loves-to-Learn

What do you mean by need to switch with config back to the tcp method?
How did you do that?

After this change, do you see it listen to port 8089?

netstat -pant | egrep 8089 - do you see listen?

0 Karma

ww9rivers
Contributor

This is what I have in "server.conf", in addition to what I have in "web.conf":

[httpServer]
disableDefaultPort = false
mgmtMode = tcp

After that, splunkd starts to listen to TCP port 8089.

0 Karma
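
As an added example (not part of the thread and not Splunk tooling): a small POSIX shell check that combines the effective settings quoted above (`mgmtHostPort`, `disableDefaultPort`, `mgmtMode`) with `netstat -pant`-style output to report whether the management port is really listening on TCP and on which address. The function names and the sample input are constructed for illustration, and it assumes btool-style `key = value` lines.

```shell
#!/bin/sh
# Added example: classify how a Universal Forwarder's management port is
# reachable, from btool-style settings plus netstat-style listener lines.

# conf_value KEY: read "key = value" lines on stdin, print the value for KEY.
conf_value() {
    awk -v k="$1" '
        { eq = index($0, "="); if (eq == 0) next
          key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
          gsub(/[ \t]/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
          if (key == k) found = val }
        END { print found }'
}

# classify_mgmt CONF LISTENERS: print one verdict line.
classify_mgmt() {
    cm_mode=$(printf '%s\n' "$1" | conf_value mgmtMode)
    cm_off=$(printf '%s\n' "$1" | conf_value disableDefaultPort)
    cm_bind=$(printf '%s\n' "$1" | conf_value mgmtHostPort)
    cm_port=${cm_bind##*:}
    [ -n "$cm_port" ] || cm_port=8089   # port discussed in the thread
    # netstat columns: proto recv-q send-q local foreign state [pid/program]
    cm_addr=$(printf '%s\n' "$2" | awk -v p=":$cm_port" '
        $6 == "LISTEN" && length($4) > length(p) &&
        substr($4, length($4) - length(p) + 1) == p { print $4; exit }')
    if [ -z "$cm_addr" ]; then
        # "Checking mgmt port [8089]: open" only means the port was free.
        if [ "$cm_mode" = tcp ] && [ "$cm_off" != true ]; then
            echo "tcp-configured-not-listening port=$cm_port"
        else
            echo "no-tcp-listener port=$cm_port"
        fi
        return 0
    fi
    case $cm_addr in
        127.*|::1:*) echo "tcp-loopback-only $cm_addr" ;;
        *)           echo "tcp-non-loopback $cm_addr" ;;
    esac
}

# Constructed sample input (not captured from a real host).
SAMPLE_CONF='mgmtHostPort = 0.0.0.0:8089
disableDefaultPort = false
mgmtMode = tcp'
SAMPLE_NETSTAT='tcp  0  0 0.0.0.0:8089  0.0.0.0:*  LISTEN  1234/splunkd'
classify_mgmt "$SAMPLE_CONF" "$SAMPLE_NETSTAT"
```

On a host, pass the combined output of the two btool commands shown earlier as the first argument and the `netstat -pant` output as the second. A `tcp-non-loopback` verdict means the REST port accepts connections from the network, not just from the forwarder itself.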