Splunk Common Ports
This is a diagram of Splunk components and network ports that are commonly used in a Splunk Enterprise environment. Firewall rules often need to be updated to allow communication on ports 8000, 8089, 9997, 8080 and 514.
UFs ---9997---> HF --- 9997---> Indexers
UFs, Indexers, SHs ---8089 ---> DS
Splunk Web Port: 8000
Splunk Management Port: 8089
Splunk Indexing Port: 9997
Splunk Index Replication Port 8080
Splunk network port: 514 (Used to get data in from netwok port i.e. UDP data)
How to change default port numbers in splunk?
There may be certain conditions where you may need to change default port numbers used.Most of the case due to security reasons OR if other service is using the port then You can change the default values by following below steps:
Using Splunk WebTo change the ports from their installation settings:
1. Log into Splunk Web as the admin user.
2. Click Manager in the top-right of the interface.
3. Click the System settings link in the System section of the screen.
4. Click General settings.
5. Change the value for either Management port or Web port, and click Save.
Using Splunk CLITo change the port settings via the Splunk CLI, use the CLI command set.
For example, this command sets the Splunk Web port to 9000:
splunk set web-port 9000
This command sets the splunkd port to 9089:
splunk set splunkd-port 9089