Reporting

Used Forwarder Ports

RobertRi
Communicator

Hi

I would like to install a forwarder behind a firewall.
It should be a normal forwarder not a lightweight forwarder to collect some data and forward that data to the indexer.

If I'm right then the only port to open is TCP 9997.

The other ports splunk uses are
web TCP 8000 and management TCP 8089

Is this right or are there other ports too which splunk use ?

Thanks
Robert

Tags (1)
0 Karma
1 Solution

Ayn
Legend

That is correct.

8000 - Web interface

8089 - Splunkd

9997 - Receiving port for forwarded events

You likely won't need to be able to access the Splunkd port from your forwarders unless you're setting up deployment client/servers. Similarly the web interface doesn't have to be accessible from the forwarders. The only port you need to be able to access for that purpose is 9997.

View solution in original post

Ayn
Legend

That is correct.

8000 - Web interface

8089 - Splunkd

9997 - Receiving port for forwarded events

You likely won't need to be able to access the Splunkd port from your forwarders unless you're setting up deployment client/servers. Similarly the web interface doesn't have to be accessible from the forwarders. The only port you need to be able to access for that purpose is 9997.

Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...