Configure outbound ports for Splunk Cloud Platform
Some Splunk Cloud Platform use cases require opening an outbound port so that your deployment can establish an outbound network connection with an external resource. For example, to configure Splunk federated search, which lets you run searches on remote Splunk platform instances, you must open Splunk Management port 8089. Using the Admin Config Service (ACS) API, you can open ports to allow outbound network connections to specified IP subnets programmatically.
Requirements
To configure outbound ports using the ACS API:
- Your role must have the capabilities required to access the ACS API endpoint. The
sc_admin
role has all required capabilities by default. For a list of required capabilities, see Manage ACS API access with capabilities. - You must have Splunk Cloud Platform version 8.0.2007 or higher
- Your deployment must have one or more separate search heads or a search head cluster. ACS is not supported on single instance deployments.
Set up the ACS API
Before using the ACS API, you must download the ACS Open API 3.0 specification, which includes the parameters, response codes, and other data you need to work with the ACS API. You must also create an authentication token in Splunk Cloud Platform for use with ACS endpoint requests. For details on how to set up the ACS API, see Set up the ACS API.
Configure outbound ports using the ACS API
The following sections show you how to create and manage outbound ports for your Splunk Cloud Platform deployment using the ACS API.
View all outbound ports
To view a list of existing outbound ports, send an HTTP GET request to the following endpoint:
admin.splunk.com/{stack}/adminconfig/v2/access/outbound-ports
For example:
curl 'https://admin.splunk.com/important-iguana-u5q/adminconfig/v2/access/outbound-ports' \ --header 'Authorization: Bearer eyJraWQiOiJzcGx1bmsuc2VjcmV0IiwiYWxnI...'
The request returns a list of existing outbound ports and corresponding destination IP subnet ranges. For example:
[ { "destinationRanges": [ "34.226.34.80/32", "54.226.34.80/32" ], "name": "8089", "port": 8089 }, { "destinationRanges": [ "4.16.171.10/32" ], "name": "8590", "port": 8590 } ]
For endpoint details, see access/outbound-ports in the ACS API endpoint reference.
Create an outbound port
To create a rule that allows an outbound connection from a specified port to one or more destination subnets, send an HTTP POST request to the access/outbound-ports
endpoint, specifying the port number and the destination subnets. You can also specify a reason for the open outbound port. For example:
curl -X POST 'https://admin.splunk.com/important-iguana-u5q/adminconfig/v2/access/outbound-ports' \ --header 'Authorization: Bearer eyJraWQiOiJzcGx1bmsuc2VjcmV0IiwiYWxnI...' \ --header 'Content-Type: application/json' \ --data-raw '{ "outboundPorts": [{"subnets": ["34.226.34.80/32", "54.226.34.80/32"], "port": 8089}], "reason": "testing federated search connection" }'
You can only specify one unique port per outbound port request. To update destination subnets for an outbound port, you must delete the outbound port rule and create a new rule for the port.
The request returns the outbound port and allowed subnets. For example:
{ "outboundPorts": [ { "port": 8089, "subnets": [ "34.226.34.80/32", "54.226.34.80/32" ] } ],
A 200
response code indicates that your request was submitted successfully. Note that it can take several minutes for the outbound port request to be applied to your Splunk Cloud Platform deployment.
To check the status of your outbound port request, send an HTTP GET request specifying the {stack}
value (URL prefix of your Splunk Cloud Platform deployment) as the only argument.
curl https://admin.splunk.com/{stack}/adminconfig/v2/status
ACS returns one of the following status responses:
- Ready: The environment is ready, and infrastructure is up to date.
- Pending: The stack has some pending changes that haven't been applied to the environment yet. The changes could be internal system changes for the environment or user requested changes like a modification to allow lists.
Creating a new outbound port rule is an append transaction and does not overwrite existing outbound rules
For endpoint details, see access/outbound-ports in the ACS API endpoint reference.
View an individual outbound port
To view an individual outbound port, send an HTTP GET request to the access/outbound-ports/{port}
endpoint, specifying the individual port. For example:
curl 'https://admin.splunk.com/important-iguana-u5q/adminconfig/v2/access/outbound-ports/8089' \ --header 'Authorization: Bearer eyJraWQiOiJzcGx1bmsuc2VjcmV0IiwiYWxnI...'
The request returns the allowed destination IP subnets for the individual outbound port. For example:
{ "destinationRanges": [ "34.226.34.80/32", "54.226.34.80/32" ], "name": "8089", "port": 8089 }
For endpoint details, see access/outbound-ports/{port} in the ACS API endpoint reference.
Delete an outbound port
To delete an outbound port configuration, send an HTTP DELETE request to the access/outbound-ports/
{port}
endpoint, specifying the outbound port you want to delete. For example:
curl -X DELETE 'https://admin.splunk.com/important-iguana-u5q/adminconfig/v2/access/outbound-ports/1521' \ --header 'Authorization: Bearer eyJraWQiOiJzcGx1bmsuc2VjcmV0IiwiYWxnI...' \ --header 'Content-Type: application/json' \ --data-raw '{ "subnets": ["54.203.114.197/32", "34.226.34.80/32"] }'
The request returns the deleted destination subnets for the outbound port. For example:
{ "subnets": [ "54.203.114.197/32", "34.226.34.80/32" ] }
For endpoint details, see access/outbound-ports/{port} in the ACS API endpoint reference.
Configure IP allow lists for Splunk Cloud Platform | Export apps in Splunk Cloud Platform |
This documentation applies to the following versions of Splunk Cloud Platform™: 8.2.2112, 8.2.2201, 8.2.2202, 8.2.2203, 9.0.2205, 9.0.2208, 9.0.2209, 9.0.2303, 9.0.2305, 9.1.2308, 9.1.2312, 9.2.2403, 9.2.2406 (latest FedRAMP release), 9.3.2408
Feedback submitted, thanks!