Internet-Security.com TCP port 8089 details

Splunk Enterprise uses TCP 8089 as the splunkd management port that exposes its REST API.
Splunk components (indexers, search heads, cluster manager/master, deployment server, heavy/universal forwarders) communicate over 8089 for configuration management, app deployment, clustering/search-head-cluster coordination, and other administrative tasks.
The Splunk CLI and Splunk Web backend call the 8089 API locally or remotely for actions like user/role management, index maintenance, and alert/action execution.
Splunk apps such as Enterprise Security and IT Service Intelligence rely on the same 8089 management endpoint because they run atop Splunk Enterprise.
Security note: exposed Splunk 8089 endpoints are frequently targeted since they grant powerful admin access; multiple Splunk CVEs have affected this management API, so it should be restricted to internal/admin networks.

TCP 8089