Bind Splunk to an IP
By default, the Splunk Enterprise services are bound to IP address 0.0.0.0, meaning all available IP addresses on the host machine. You can force Splunk Enterprise to bind all service ports to a specified IP address.
Changing the IP address applies to the Splunk daemon (splunkd) services:
- TCP port 8089 (by default)
- Splunk Web port 8000 (by default)
- Any port that has been configured as for:
- SplunkTCP inputs
- TCP or UDP inputs
- HEC inputs
- App Server port 8065 (by default)
- KV Store port 8191 (by default)
To bind the Splunk Web process (splunkweb) to a specific IP, use the server.socket_host
setting in web.conf.
Temporarily change the IP address
To make this a temporary change, use the environment variable SPLUNK_BINDIP=<ipaddress>
to set an IP address before starting Splunk Enterprise services.
Permanently change the IP address
To permanently change the default IP address for a host machine, update the $SPLUNK_HOME/etc/splunk-launch.conf
to include the SPLUNK_BINDIP
attribute and <ipaddress>
value.
For example, to bind Splunk ports to 127.0.0.1 (for local loopback only), splunk-launch.conf
should read:
# Modify the following line to suit the location of your Splunk install. # If unset, Splunk will use the parent of the directory this configuration # file was found in # # SPLUNK_HOME=/opt/splunk SPLUNK_BINDIP=127.0.0.1
Important: The mgmtHostPort
attribute in web.conf
has a default value of 0.0.0.0:8089
. If you use SPLUNK_BINDIP
to enforce a different IP address, you must also change mgmtHostPort
to use the same IP address.
For example, if you change the splunk-launch.conf
:
SPLUNK_BINDIP=10.10.10.1
you must also change the web.conf
to IP address to match:
mgmtHostPort=10.10.10.1:8089
See web.conf for more information on the mgmtHostPort
attribute.
IPv6 considerations
The mgmtHostPort
setting in web.conf accepts IPv6 addresses if they are enclosed in square brackets. If you configure splunkd to only listen on IPv6, you must update the mgmtHostPort
to use [::1]:8089
instead of 127.0.0.1:8089
. See "Configure Splunk for IPv6".
Change default values | Configure Splunk Enterprise for IPv6 |
This documentation applies to the following versions of Splunk® Enterprise: 7.2.0, 7.2.1, 7.2.2, 7.2.3, 7.2.4, 7.2.5, 7.2.6, 7.2.7, 7.2.8, 7.2.9, 7.2.10, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, 7.3.5, 7.3.6, 7.3.7, 7.3.8, 7.3.9, 8.0.0, 8.0.1, 8.0.2, 8.0.3, 8.0.4, 8.0.5, 8.0.6, 8.0.7, 8.0.8, 8.0.9, 8.0.10, 8.1.0, 8.1.1, 8.1.2, 8.1.3, 8.1.4, 8.1.5, 8.1.6, 8.1.7, 8.1.8, 8.1.9, 8.1.10, 8.1.11, 8.1.12, 8.1.13, 8.1.14, 8.2.0, 8.2.1, 8.2.2, 8.2.3, 8.2.4, 8.2.5, 8.2.6, 8.2.7, 8.2.8, 8.2.9, 8.2.10, 8.2.11, 8.2.12, 9.0.0, 9.0.1, 9.0.2, 9.0.3, 9.0.4, 9.0.5, 9.0.6, 9.0.7, 9.0.8, 9.0.9, 9.0.10, 9.1.0, 9.1.1, 9.1.2, 9.1.3, 9.1.4, 9.1.5, 9.1.6, 9.2.0, 9.2.1, 9.2.2, 9.2.3, 9.3.0, 9.3.1
Feedback submitted, thanks!