Hello,
We are building up test standalone Splunk on our environment, we decide to use the free version so what are the firewall rules we have to request?
Do we need to request the below ports:
8000 web
8089 management/rest
9997 indexer receiver
8191 KV store
514 Network port
As it is a standalone do I need to open?
8080 Indexer Replication
8181 search Replication
8088 http event collector
8065 app server?
Hi thiru179,
since this is a standalone server, it should be sufficient if you request TCP port 8000
for the Splunk UI access, and TCP port 9997
to get data into Splunk. TCP port 8089
would only be needed if you have deployment clients connecting to this instance, or if you plan to do remote REST API calls. All other ports will be accessible by the instance without firewall rule.
Don't forget access to the server itself, like SSH or RDP depending on platform running Splunk 😉
Hope this helps ...
cheers, MuS
Hi thiru179,
since this is a standalone server, it should be sufficient if you request TCP port 8000
for the Splunk UI access, and TCP port 9997
to get data into Splunk. TCP port 8089
would only be needed if you have deployment clients connecting to this instance, or if you plan to do remote REST API calls. All other ports will be accessible by the instance without firewall rule.
Don't forget access to the server itself, like SSH or RDP depending on platform running Splunk 😉
Hope this helps ...
cheers, MuS
Plus any ports needed for direct data inputs (like the 514 mentioned in the question, which probably refers to UDP 514 for ingesting syslog).
Thank you Mus and FrankVI, this cleared my confusion.