Splunk® Enterprise

Inherit a Splunk Enterprise Deployment

Splunk Enterprise version 8.2 is no longer supported as of September 30, 2023. See the Splunk Software Support Policy for details. For information about upgrading to a supported version, see How to upgrade Splunk Enterprise.

Components and their relationship with the network

Splunk Enterprise components require network connectivity to work properly if they have been distributed across multiple machines, and even in cases where the components are on one machine.

Splunk components communicate with each other using TCP and UDP network protocols. A firewall that has not been configured to allow these ports open can block communication between the Splunk instances.

Splunk software uses the following network ports to communicate between its components by default or by convention. You can perform a network port scan on a host to determine if it is listening on a port. Record open port numbers on your deployment diagram.

Component Purpose Communicates on Listens on
All components* Management / REST API N/A TCP/8089
Search head / Indexer Splunk Web access Any TCP/8000
Search head App Key Value Store Any TCP/8065, TCP/8191
Indexer Receiving data from forwarders N/A TCP/9997
Search head cluster member Cluster replication N/A TCP/8081, TCP/9887, TCP/8181
Indexer cluster peer node Cluster replication N/A TCP/8080, TCP/9887
Heavy Forwarder or Indexer Receiving data over HTTP Event Collector (HEC) N/A TCP/8088


Diagrams

The following diagrams show the network ports that Splunk software listens on.

SplunkNetworkPorts.png SplunkNetworkPortsCluster81plus.png

Last modified on 02 November, 2022
Examine configuration files to determine your topology   Learn about the data in your Splunk deployment

This documentation applies to the following versions of Splunk® Enterprise: 8.1.0, 8.1.1, 8.1.2, 8.1.3, 8.1.4, 8.1.5, 8.1.6, 8.1.7, 8.1.8, 8.1.9, 8.1.10, 8.1.11, 8.1.12, 8.1.13, 8.1.14, 8.2.0, 8.2.1, 8.2.2, 8.2.3, 8.2.4, 8.2.5, 8.2.6, 8.2.7, 8.2.8, 8.2.9, 8.2.10, 8.2.11, 8.2.12, 9.0.0, 9.0.1, 9.0.2, 9.0.3, 9.0.4, 9.0.5, 9.0.6, 9.0.7, 9.0.8, 9.0.9, 9.0.10, 9.1.0, 9.1.1, 9.1.2, 9.1.3, 9.1.4, 9.1.5, 9.1.6, 9.1.7, 9.2.0, 9.2.1, 9.2.2, 9.2.3, 9.2.4, 9.3.0, 9.3.1, 9.3.2


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters