- Splunk Answers
- :
- Splunk Administration
- :
- Deployment Architecture
- :
- Deployment server with forwarder management
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Deployment server with forwarder management
We have a distributed arquitecture with two Heavy forwarders as deployment servers, in differents geographical sites, and the indexer in AWS. All of them are running very well, but now we have a new requeriment to deploy Universal Forwarders on machines that have the mngt port in use by other software. This software is prioritary and we can't change it.
Is it possible to have some universal forwarders configured with a port different than 8089 taking in account that the deployment server has this port asigned.
UF A:8089 <--> HeavyForwerder (deploy server): 8089 <--> UF B:8XXX
Thanks
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Think about what is happening here. The Deployment Client (your UF), will create a socket and the network stack will pick a random available port to use as the source port to open a connection to port 8089 on the Deployment Server. Source port 8089 has nothing to do with anything. So you do not have a problem here; carry on as normal.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You can use any port as a management port, just ensure that you explicitly mention it wherever applicable. It's not a new, there are instances where people have changed there management port on forwarder.
https://answers.splunk.com/answers/293929/is-it-possible-to-change-the-current-port-8089-of.html
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks for the reply. I know the possibility of changing the port, but we can not change it in the whole infrastructure, we need to make a "mix"
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Run this on those machines:
splunk set splunkd-port 8090
You might want to have every machine use the same port though. Might cause some glitching if you use two different ports.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks, I think like you. I imagined that mixing ports can cause problems.
Threat Hunting Unlocked: How to Uplevel Your Threat Hunting With the PEAK Framework ...
Splunk APM: New Product Features + Community Office Hours Recap!
Index This | Forward, I’m heavy; backward, I’m not. What am I?
