According to the Indexer Clustering Administration Guide, the most efficient and Splunk-recommended way to configure and manage receiving ports for all clustered indexers (peer nodes) is through the Cluster Manager (previously known as the Master Node).
In a clustered environment, configuration changes that affect all peer nodes—such as receiving port definitions—should be managed centrally. The correct procedure is to define the inputs configuration file (inputs.conf) within the Cluster Manager’s manager-apps directory. Specifically, the configuration is placed in:
$SPLUNK_HOME/etc/manager-apps/_cluster/local/inputs.conf
and then deployed to all peers using the configuration bundle push mechanism.
This centralized approach ensures consistency across all peer nodes, prevents manual configuration drift, and allows Splunk to maintain uniform ingestion behavior across the cluster.
Running splunk enable listen on each peer (Option C) or manually configuring inputs via Splunk Web (Option A) introduces inconsistencies and is not recommended in clustered deployments. Using the deployment-apps path (Option B) is meant for deployment servers, not for cluster management.
References (Splunk Enterprise Documentation):
• Indexer Clustering: Configure Peer Nodes via Cluster Manager
• Deploy Configuration Bundles from the Cluster Manager
• inputs.conf Reference – Receiving Data Configuration
• Splunk Enterprise Admin Manual – Managing Clustered Indexers
Submit