Installation

What port should I use to connect to a private server (Azure)?

saranyasubburaj
New Member

I want to connect the server which is in Azure (private network) to Splunk indexer server , which port should be opened in order to establish the connection?

Labels (1)
0 Karma
1 Solution

woodcock
Esteemed Legend

See port details here (including excellent diagram):
https://www.aplura.com/splunk-best-practices/

Carefully and consistently use Splunk’s listening ports, which bind to specific back-end processes. Some of these are referenced when Splunk starts. Generally speaking here are the standard ports, if they have not been altered:
tcp/8089 – splunkd – Splunk’s daemon port used for distributed search and deployment server.
tcp/8000 – splunkweb – Splunk’s web port used for web UI access.
tcp/8191 – kvstore – Splunk’s key value store.
tcp/9887 – Index cluster replication – Port commonly used to replicate Splunk data in index clustering environments. Note: This can be any permissible port, 9887 is just an example.
tcp/9997 – splunktcp listener – Port commonly used to send events from a Splunk forwarder to a Splunk listener (indexer or another forwarder). Note: This can be any permissible port, 9997 is just an example.
tcp/9998 – splunktcp SSL listener – Port commonly used to send events from a Splunk forwarder to a Splunk listener (indexer or another forwarder) using encryption. Note: This can be any permissible port, 9998 is just an example.

View solution in original post

woodcock
Esteemed Legend

See port details here (including excellent diagram):
https://www.aplura.com/splunk-best-practices/

Carefully and consistently use Splunk’s listening ports, which bind to specific back-end processes. Some of these are referenced when Splunk starts. Generally speaking here are the standard ports, if they have not been altered:
tcp/8089 – splunkd – Splunk’s daemon port used for distributed search and deployment server.
tcp/8000 – splunkweb – Splunk’s web port used for web UI access.
tcp/8191 – kvstore – Splunk’s key value store.
tcp/9887 – Index cluster replication – Port commonly used to replicate Splunk data in index clustering environments. Note: This can be any permissible port, 9887 is just an example.
tcp/9997 – splunktcp listener – Port commonly used to send events from a Splunk forwarder to a Splunk listener (indexer or another forwarder). Note: This can be any permissible port, 9997 is just an example.
tcp/9998 – splunktcp SSL listener – Port commonly used to send events from a Splunk forwarder to a Splunk listener (indexer or another forwarder) using encryption. Note: This can be any permissible port, 9998 is just an example.

View solution in original post

s2_splunk
Splunk Employee
Splunk Employee

Assuming that "the server which is in Azure" is actually a Splunk forwarder, your Splunk admin can tell you which TCP port she/he has configured to receive data on. The default port is 9997.

More details

.conf21 Now Fully Virtual!
Register for FREE Today!

We've made .conf21 totally virtual and totally FREE! Our completely online experience will run from 10/19 through 10/20 with some additional events, too!