Bind Splunk to an IP
You can force Splunk to bind its ports to a specified IP address. By default, Splunk will bind to the IP address 0.0.0.0, meaning all available IP addresses.
Changing Splunk's bind IP only applies to the Splunk daemon (splunkd), which listens on:
- TCP port 8089 (by default)
- any port that has been configured as for:
- SplunkTCP inputs
- TCP or UDP inputs
To bind the Splunk Web process (splunkweb) to a specific IP, use the
server.socket_host setting in web.conf.
To make this a temporary change, set the environment variable
SPLUNK_BINDIP=<ipaddress> before starting Splunk.
If you want this to be a permanent change in your working environment, modify
$SPLUNK_HOME/etc/splunk-launch.conf to include the
SPLUNK_BINDIP attribute and
<ipaddress> value. For example, to bind Splunk ports to 127.0.0.1 (for local loopback only),
splunk-launch.conf should read:
# Modify the following line to suit the location of your Splunk install. # If unset, Splunk will use the parent of the directory this configuration # file was found in # # SPLUNK_HOME=/opt/splunk SPLUNK_BINDIP=127.0.0.1
mgmtHostPort attribute in
web.conf has a default value of
127.0.0.1:8089. Therefore, if you change
SPLUNK_BINDIP to any value besides
127.0.0.1, you must also change
mgmtHostPort to use the same IP address. For example, if you make this change in
you must also make this change in
web.conf (assuming the management port is
See web.conf for more information on the
Starting in version 4.3, the
web.conf mgmtHostPort setting has been extended to allow it to take IPv6 addresses if they are enclosed in square brackets. Therefore, if you configure splunkd to only listen on IPv6 (via the setting in
server.conf described in "Configure Splunk for IPv6" in this manual), you must change this from
Change default values
Configure Splunk for IPv6
This documentation applies to the following versions of Splunk® Enterprise: 6.5.7, 7.0.0, 7.0.1, 7.0.2, 7.0.3, 7.0.4, 7.0.5, 7.0.6, 7.0.7, 7.0.8, 7.0.9, 7.0.10, 7.0.11, 7.0.13, 7.1.0, 7.1.1, 7.1.2, 7.1.3, 7.1.4, 7.1.5, 7.1.6, 7.1.7, 7.1.8, 7.1.9, 7.1.10
Feedback submitted, thanks!