Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Universal Forwarder not listening on port 8000

sab057
Explorer
‎07-15-2011 12:26 PM

I have a strange problem. When I install the universal forwarder on my log server and perform a netstat -l I do not see port 8000 in a listening state. I do see port 8089, but not 8000. I've tried removing and reinstalling to no avail. The strange thing is, if I install the full splunk version then port 8000 is opened fine for management. If I then uninstall splunk and reinstall the forwarder, I have the same issue again. How do I get the forwarder to open port 8000?

I am installing splunkforwarder-4.2.2-101277-linux-2.6-intel.deb on Ubuntu 8.04.4 LTS.

Tags (1)
Reply
1 Solution
Solved! Jump to solution
Solution

mw
Splunk Employee
Splunk Employee
‎07-15-2011 12:33 PM

The UF doesn't occupy port 8000 -- that's the web port and there is no web component to the UF. It should use the management port, however, at 8089 by default.

View solution in original post

Reply
Solved! Jump to solution

pero1234
Path Finder
‎07-15-2011 12:37 PM

Universal Forwarder only have management port on port 8089. Port 8000 on full Splunk is web gui port. UF doesn't have webgui.
If you want to change mngmt port 8089 to 8000 on UF do this with command

splunk set splunkd-port 8000
Reply
Solved! Jump to solution
Solution

mw
Splunk Employee
Splunk Employee
‎07-15-2011 12:33 PM

The UF doesn't occupy port 8000 -- that's the web port and there is no web component to the UF. It should use the management port, however, at 8089 by default.

Reply
Solved! Jump to solution

mw
Splunk Employee
Splunk Employee
‎07-15-2011 01:01 PM

It's ultimately the same code base, so there are some annoying items like that which may mislead you.

0 Karma
Reply
Solved! Jump to solution

sab057
Explorer
‎07-15-2011 12:43 PM

Thanks for the quick response, I guess I got confused by this install message:

Setting up splunkforwarder (4.2.2-101277) ...

Splunk has been installed in:
/opt/splunkforwarder

To start Splunk, run the command:
/opt/splunkforwarder/bin/splunk start

To use the Splunk Web interface, point your browser at:
http://loghost:8000

Complete documentation is at http://www.splunk.com/r/docs

0 Karma
Reply
Get Updates on the Splunk Community!

Routing logs with Splunk OTel Collector for Kubernetes

The Splunk Distribution of the OpenTelemetry (OTel) Collector is a product that provides a way to ingest ...

Welcome to the Splunk Community!

(view in My Videos) We're so glad you're here! The Splunk Community is place to connect, learn, give back, and ...

Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM

Elevating Digital Service Excellence: The Synergy of Real User Monitoring and Application Performance ...