Bind Splunk to an IP
You can force Splunk to bind its ports to a specified IP address. By default, Splunk will bind to the IP address 0.0.0.0, meaning all available IP addresses.
Changing Splunk's bind IP only applies to the Splunk daemon (splunkd), which listens on:
- TCP port 8089 (by default)
- any port that has been configured as for:
- SplunkTCP inputs
- TCP or UDP inputs
To bind the Splunk Web process (splunkweb) to a specific IP, use the server.socket_host
setting in web.conf.
Temporarily
To make this a temporary change, set the environment variable SPLUNK_BINDIP=<ipaddress>
before starting Splunk.
Permanently
If you want this to be a permanent change in your working environment, modify $SPLUNK_HOME/etc/splunk-launch.conf
to include the SPLUNK_BINDIP
attribute and <ipaddress>
value. For example, to bind Splunk ports to 127.0.0.1 (for local loopback only), splunk-launch.conf
should read:
# Modify the following line to suit the location of your Splunk install. # If unset, Splunk will use the parent of the directory this configuration # file was found in # # SPLUNK_HOME=/opt/splunk SPLUNK_BINDIP=127.0.0.1
Important: The mgmtHostPort
attribute in web.conf
has a default value of 127.0.0.1:8089
. Therefore, if you change SPLUNK_BINDIP
to any value besides 127.0.0.1
, you must also change mgmtHostPort
to use the same IP address. For example, if you make this change in splunk-launch.conf
:
SPLUNK_BINDIP=10.10.10.1
you must also make this change in web.conf
(assuming the management port is 8089
):
mgmtHostPort=10.10.10.1:8089
See web.conf for more information on the mgmtHostPort
attribute.
IPv6 considerations
Starting in version 4.3, the web.conf mgmtHostPort
setting has been extended to allow it to take IPv6 addresses if they are enclosed in square brackets. Therefore, if you configure splunkd to only listen on IPv6 (via the setting in server.conf
described in "Configure Splunk for IPv6" in this manual), you must change this from 127.0.0.1:8089
to [::1]:8089
.
Change default values | Configure Splunk for IPv6 |
This documentation applies to the following versions of Splunk® Enterprise: 7.0.0, 7.0.1, 7.0.2, 7.0.3, 7.0.4, 7.0.5, 7.0.6, 7.0.7, 7.0.8, 7.0.9, 7.0.10, 7.0.11, 7.0.13, 7.1.0, 7.1.1, 7.1.2, 7.1.3, 7.1.4, 7.1.5, 7.1.6, 7.1.7, 7.1.8, 7.1.9, 7.1.10
Feedback submitted, thanks!