Hello Team Splunk!
I am trying to receive data from a remote machine on the local network. In order to do so I configured a receiver to listen on port 9997. This is shown below in Figure 1. However, when I check netstat I see that the port is not actually listening for incoming connections, Figure 2. Does anyone know what is going wrong?
Also, I should I mention that I am using Splunk 6.0 on Windows 7 operating system (OS).
Figure 1: Splunk set to listen on 9997
Figure 2: Ports with 999 not open
As you're on Windows - use netstat -a
to actually show listening ports - it doesn't show them by default.
Hope that helps - if it does I'd be happy if you would upvote/accept this answer, so others could profit from it. 🙂
As you're on Windows - use netstat -a
to actually show listening ports - it doesn't show them by default.
Hope that helps - if it does I'd be happy if you would upvote/accept this answer, so others could profit from it. 🙂
Thank-you for the help with this.
Gonna maybe revive this thread. We are using RHEL 8.6 and we have Splunk Enterprise running and configured to listen on port 9997, we added it to the firewall with firewall-cmd and still netstat -l | grep 9997 returns nothing. We have tried different variations of netstat they all return zero. Also systemctl status splunk.service doesn't show the service using port 9997. Any suggestion do we need to add 9997 to the service somehow? If so how. Have set Splunk up on other RHEL 8 servers before no problem but something about this one seems different. Also the inputs.conf shows [splunktcp:\\9997] disabled=0. Any help is appreciated.