Other Usage
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to configure a receiver to listen on port 9997 when trying to receive data from a remote machine on the local network?

rogue_carrot
Communicator
‎05-15-2018 09:21 AM

Hello Team Splunk!

I am trying to receive data from a remote machine on the local network. In order to do so I configured a receiver to listen on port 9997. This is shown below in Figure 1. However, when I check netstat I see that the port is not actually listening for incoming connections, Figure 2. Does anyone know what is going wrong?

Also, I should I mention that I am using Splunk 6.0 on Windows 7 operating system (OS).
alt text
Figure 1: Splunk set to listen on 9997

alt text
Figure 2: Ports with 999 not open

Preview file
1 KB
Preview file
1 KB
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

xpac
SplunkTrust
SplunkTrust
‎05-15-2018 11:18 AM

As you're on Windows - use netstat -a to actually show listening ports - it doesn't show them by default.

Hope that helps - if it does I'd be happy if you would upvote/accept this answer, so others could profit from it. 🙂

View solution in original post

Reply
Solved! Jump to solution
Solution

xpac
SplunkTrust
SplunkTrust
‎05-15-2018 11:18 AM

As you're on Windows - use netstat -a to actually show listening ports - it doesn't show them by default.

Hope that helps - if it does I'd be happy if you would upvote/accept this answer, so others could profit from it. 🙂

Reply
Solved! Jump to solution

rogue_carrot
Communicator
‎05-15-2018 11:36 AM

Thank-you for the help with this.

0 Karma
Reply
Solved! Jump to solution

wyomoose
Engager
‎10-08-2023 08:41 PM

Gonna maybe revive this thread. We are using RHEL 8.6 and we have Splunk Enterprise running and configured to listen on port 9997, we added it to the firewall with firewall-cmd and still netstat -l | grep 9997 returns nothing. We have tried different variations of netstat they all return zero. Also systemctl status splunk.service doesn't show the service using port 9997. Any suggestion do we need to add 9997 to the service somehow? If so how. Have set Splunk up on other RHEL 8 servers before no problem but something about this one seems different. Also the inputs.conf shows [splunktcp:\\9997] disabled=0. Any help is appreciated.

0 Karma
Reply
Get Updates on the Splunk Community!

Adoption of RUM and APM at Splunk

    Unleash the power of Splunk Observability   Watch Now In this can't miss Tech Talk! The Splunk Growth ...

Routing logs with Splunk OTel Collector for Kubernetes

The Splunk Distribution of the OpenTelemetry (OTel) Collector is a product that provides a way to ingest ...

Welcome to the Splunk Community!

(view in My Videos) We're so glad you're here! The Splunk Community is place to connect, learn, give back, and ...