Hi All -
Could you confirm that I have the connectivity ports correct or if I’m missing any? I just want to use the default port configurations at this point. I have installed splunk on a single server and will be installing the universal forwarder to 3 other servers to forward the data back to the main server.
from Desktop Web Clients to Main Splunk Server using http on port 8000
from Client Servers to Main Splunk Server using tcp/udp on port 9997 for universal forwarder
from Client Servers to Main Splunk Server using tcp on port 8089 for Management Communication ***Does this one need to go back to those client servers with UF?
Thanks!
That all depends. Are you planning to enable remote cli on your forwarders, if so you will need to allow 8089 from your Splunk Server. You will also have to change the default password on the forwarders to enable this.
TCP/8089 - deployment server, distributed search, remote cli, pooled search heads (Search head to indexers) (Deployment client to Deployment Server) (between distributed search members) (between Pooled Search Head members) (remote cli to splunk instance)
TCP/9997- Default recieving port on indexers (Forwarder to Indexers)
TCP/8000 - Default port SearchHead (web browser to search head)
In an All-in-One deployment your Splunk Server is the Deployment Server, Indexer, Search Head, and Licensing Server. Each one of those Roles/features are available on Full installs of Splunk and can be enable or disabled. Deployment server is disabled by default. In an all in one deployment TCP/9997 from forwarder to indexer/search and TCP/8000 from webclients to search head is all you should need to start. Hope this helps and that I answered your question.
I meant to answer, I don't know if I will enable the remote CLI at this point since this a POC. But, it is good to know about the traffic if we do.
Thank you. I have the initial install onto a single server. Are the terms of deployment server indexers and searchhead synonymous for each/the server that I have Splunk installed on?
Thanks.