The answer depends upon where your user context was when you configured it. It might be the "launcher" app, or "search" or any other app. Basically, it's in the app you were in before you clicked on the "Manager" link.
Since you're in version 5.0.5, you can use the btool command to find the exact path of the file containing the setting. Versions prior to 5.0.5 (ish) only gave you the application name.
First, to set up btool on Windows, enter this in a command shell:
set SPLUNK_HOME=C:\program files\splunk (or wherever Splunk is installed)
Now you can run the program itself: %SPLUNK_HOME%\bin\btool inputs list splunktcp --debug
You'll get the base [splunktcp] stanza, but also the [splunktcp://9997] one. The --debug adds the full path to the file containing the setting in the leftmost position, so it should be easy to see where the file is located.
The answer depends upon where your user context was when you configured it. It might be the "launcher" app, or "search" or any other app. Basically, it's in the app you were in before you clicked on the "Manager" link.
Since you're in version 5.0.5, you can use the btool command to find the exact path of the file containing the setting. Versions prior to 5.0.5 (ish) only gave you the application name.
First, to set up btool on Windows, enter this in a command shell:
set SPLUNK_HOME=C:\program files\splunk (or wherever Splunk is installed)
Now you can run the program itself: %SPLUNK_HOME%\bin\btool inputs list splunktcp --debug
You'll get the base [splunktcp] stanza, but also the [splunktcp://9997] one. The --debug adds the full path to the file containing the setting in the leftmost position, so it should be easy to see where the file is located.
Also, note that the URL bar gives you a hint about where you are at all times. The first part of the URL is your locale (en-US for me), followed by the context, then the application name (if applicable), and the view name. For example, in versions prior to 6, the main "Search" page is at: en-US/app/search/flashtimeline. When you click the Manager from this context, you're now at en-US/manager/search, so any new configs you create would be in the "search" app.
We don't like to configure items in system/local, because it becomes an itch that you can't scratch with the deployment server. I hardly ever do configuration via the UI, I'm always down in configuration files. Further, in a "production grade deployment", you're not likely to be configuring hosts by hand. Most of the deployments I'm working on are large enough to merit some config management tool, like the deployment server, or external, like puppet or chef.
That being said, I've worked with this for a while, so app containment just feels "natural" to me.
What an excellent answer! Something I find concerning is the "randomness" on where the stanza is added. I expected it to be in etc/system/local/inputs.conf. I'm thinking in a production grade deployment, I should configure the receiver by updating this file manually and then restart splunk. Would you agree?