Firewall rules

Last updated 2 months ago

Splunk Common Network Ports

This is a diagram of Splunk components and network ports that are commonly used in a Splunk Enterprise environment. Firewall rules often need to be updated to allow communication on ports 8000, 8089, 9997, 8080 and 514.

Ports

Open required ports (adjust based on your deployment):

sudo firewall-cmd --permanent --add-port=8000/tcp  # Splunk Web
sudo firewall-cmd --permanent --add-port=8089/tcp  # Management port
sudo firewall-cmd --permanent --add-port=9997/tcp  # Forwarder data ingestion
sudo firewall-cmd --reload

Verify open ports:

sudo firewall-cmd --list-ports
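
The `--add-port` commands above accept connections from any source. As an added example (not part of the original page), this script prints the equivalent firewalld rich rules that limit the same three ports to specific source networks; the `SPLUNK_RULES` list, its CIDR values and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: print firewall-cmd commands that scope each Splunk port to a
# source network instead of opening it to every host.

# port:source pairs. The CIDRs are constructed placeholders, not from the page.
SPLUNK_RULES="8000:10.10.0.0/24
8089:10.10.1.0/24
9997:10.20.0.0/16"

# Accept only a decimal TCP port in 1-65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Loose IPv4 CIDR shape check; /0 is rejected because it means "any source".
# firewalld still does the strict address validation when the rule is added.
valid_cidr() {
    printf '%s\n' "$1" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([1-9]|[12][0-9]|3[0-2])$'
}

# Build the rich-rule text for one port/source pair.
rich_rule() {
    valid_port "$1" || return 1
    valid_cidr "$2" || return 1
    printf 'rule family="ipv4" source address="%s" port port="%s" protocol="tcp" accept' "$2" "$1"
}

# Emit the commands for every pair: drop the open port, add the scoped rule.
build_commands() {
    printf '%s\n' "$1" | while IFS=: read -r port cidr; do
        [ -n "$port" ] || continue
        rule=$(rich_rule "$port" "$cidr") ||
            { echo "skipped invalid entry: $port:$cidr" >&2; continue; }
        echo "firewall-cmd --permanent --remove-port=${port}/tcp"
        echo "firewall-cmd --permanent --add-rich-rule='${rule}'"
    done
    echo "firewall-cmd --reload"
}

# Dry run: print the commands for review.
build_commands "$SPLUNK_RULES"
```

Run the printed commands as root after reviewing them. Source-scoped rules are shown by `sudo firewall-cmd --list-rich-rules`, not by `--list-ports`.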

CrowdStrike

https://api.us-2.crowdstrike.com
https://firehose.us-2.crowdstrike.com

Splunk

https://www.splunk.com/
https://login.splunk.com/
https://download.splunk.com
https://splunkbase.splunk.com/