Splunk Cloud Platform

Admin Config Service Manual

Acrobat logo Download manual as PDF


Acrobat logo Download topic as PDF

Configure outbound ports for Splunk Cloud Platform

Some Splunk Cloud Platform use cases require opening an outbound port so that your deployment can establish an outbound network connection with an external resource. For example, to configure Splunk federated search, which lets you run searches on remote Splunk platform instances, you must open Splunk Management port 8089. Using the Admin Config Service (ACS) API, you can open ports to allow outbound network connections to specified IP subnets programmatically.

Requirements

To configure outbound ports using the ACS API:

  • Your role must have the capabilities required to access the ACS API endpoint. The sc_admin role has all required capabilities by default. For a list of required capabilities, see Manage ACS API access with capabilities.
  • You must have Splunk Cloud Platform version 8.0.2007 or higher
  • Your deployment must have one or more separate search heads or a search head cluster. ACS is not supported on single instance deployments.

Set up the ACS API

Before using the ACS API, you must download the ACS Open API 3.0 specification, which includes the parameters, response codes, and other data you need to work with the ACS API. You must also create an authentication token in Splunk Cloud Platform for use with ACS endpoint requests. For details on how to set up the ACS API, see Set up the ACS API.

Configure outbound ports using the ACS API

The following sections show you how to create and manage outbound ports for your Splunk Cloud Platform deployment using the ACS API.

View all outbound ports

To view a list of existing outbound ports, send an HTTP GET request to the following endpoint:

admin.splunk.com/{stack}/adminconfig/v2/access/outbound-ports

For example:

curl 'https://admin.splunk.com/important-iguana-u5q/adminconfig/v2/access/outbound-ports' \
--header 'Authorization: Bearer eyJraWQiOiJzcGx1bmsuc2VjcmV0IiwiYWxnI...'

The request returns a list of existing outbound ports and corresponding destination IP subnet ranges. For example:

[
   {
       "destinationRanges": [
           "34.226.34.80/32",
           "54.226.34.80/32"
       ],
       "name": "8089",
       "port": 8089
   },
   {
       "destinationRanges": [
           "4.16.171.10/32"
       ],
       "name": "8590",
       "port": 8590
   }
]

For endpoint details, see access/outbound-ports in the ACS API endpoint reference.

Create an outbound port

To create a rule that allows an outbound connection from a specified port to one or more destination subnets, send an HTTP POST request to the access/outbound-ports endpoint, specifying the port number and the destination subnets. You can also specify a reason for the open outbound port. For example:

curl -X POST 'https://admin.splunk.com/important-iguana-u5q/adminconfig/v2/access/outbound-ports' \
--header 'Authorization: Bearer eyJraWQiOiJzcGx1bmsuc2VjcmV0IiwiYWxnI...' \
--header 'Content-Type: application/json' \
--data-raw '{
   "outboundPorts": [{"subnets": ["34.226.34.80/32", "54.226.34.80/32"], "port": 8089}],
   "reason": "testing federated search connection"
}'

You can only specify one unique port per outbound port request. To update destination subnets for an outbound port, you must delete the outbound port rule and create a new rule for the port.

The request returns the outbound port and allowed subnets. For example:

{
   "outboundPorts": [
       {
           "port": 8089,
           "subnets": [
               "34.226.34.80/32",
               "54.226.34.80/32"
           ]
       }
   ],
 

A 200 response code indicates that your request was submitted successfully. Note that it can take several minutes for the outbound port request to be applied to your Splunk Cloud Platform deployment.

To check the status of your outbound port request, send an HTTP GET request specifying the {stack} value (URL prefix of your Splunk Cloud Platform deployment) as the only argument.

curl https://admin.splunk.com/{stack}/adminconfig/v2/status

ACS returns one of the following status responses:

  • Ready: The environment is ready, and infrastructure is up to date.
  • Pending: The stack has some pending changes that haven't been applied to the environment yet. The changes could be internal system changes for the environment or user requested changes like a modification to allow lists.

Creating a new outbound port rule is an append transaction and does not overwrite existing outbound rules

For endpoint details, see access/outbound-ports in the ACS API endpoint reference.

View an individual outbound port

To view an individual outbound port, send an HTTP GET request to the access/outbound-ports/{port} endpoint, specifying the individual port. For example:

curl 'https://admin.splunk.com/important-iguana-u5q/adminconfig/v2/access/outbound-ports/8089' \
--header 'Authorization: Bearer eyJraWQiOiJzcGx1bmsuc2VjcmV0IiwiYWxnI...'

The request returns the allowed destination IP subnets for the individual outbound port. For example:

{
   "destinationRanges": [
       "34.226.34.80/32",
       "54.226.34.80/32"
   ],
   "name": "8089",
   "port": 8089
}

For endpoint details, see access/outbound-ports/{port} in the ACS API endpoint reference.

Delete an outbound port

To delete an outbound port configuration, send an HTTP DELETE request to the access/outbound-ports/ {port} endpoint, specifying the outbound port you want to delete. For example:

curl -X DELETE 'https://admin.splunk.com/important-iguana-u5q/adminconfig/v2/access/outbound-ports/1521' \
--header 'Authorization: Bearer eyJraWQiOiJzcGx1bmsuc2VjcmV0IiwiYWxnI...'  \
--header 'Content-Type: application/json' \
--data-raw '{
   "subnets": ["54.203.114.197/32", "34.226.34.80/32"]
   }'

The request returns the deleted destination subnets for the outbound port. For example:

{
   "subnets": [
       "54.203.114.197/32",
       "34.226.34.80/32"
   ]
}

For endpoint details, see access/outbound-ports/{port} in the ACS API endpoint reference.

Last modified on 25 January, 2024
PREVIOUS
Configure IP allow lists for Splunk Cloud Platform
  NEXT
Manage app permissions in Splunk Cloud Platform

This documentation applies to the following versions of Splunk Cloud Platform: 8.2.2112, 8.2.2201, 8.2.2202, 8.2.2203, 9.0.2205, 9.0.2208, 9.0.2209, 9.0.2303, 9.0.2305, 9.1.2308 (latest FedRAMP release), 9.1.2312


Was this documentation topic helpful?


You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters