The general rule of thumb in security is if you don't use it, disable it. Why give a potential attacker yet another door to try?
In the Splunk realm, there are often times where installations such as light forwarders, which need no real interaction other than to throw data at the indexers, we can turn off the management port 8089. There is no real reason to keep it open. Changes can still be made using a deployment server and no interaction is needed with that forwarder.
In local/server.conf add the following:
disableDefaultPort = true
Save and restart Splunk.
Guarding your IT Experience!