Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

What does splunk-parameter "--auto-ports"do?

rvany
Communicator
‎07-08-2017 10:34 AM

This parameter is used in auto-install-scripts for the Universal Forwarder but I could not find any information about it in the documentation. Is this something used in older versions of Splunk?

The Linux-strings-command outputs "--auto-ports" in /opt/splunk/bin/splunk - so it is recognized (like e.g. --accept-license).

Reply
1 Solution
Solved! Jump to solution
Solution

lguinn2
Legend
‎07-08-2017 07:58 PM

I believe that the auto-ports option still works in the latest version (6.6) of Splunk. What it does:

Splunk begins with the default port number for splunkd (8089 unless you have also changed the default). If that port is available, Splunk uses it for splunkd. However, if the port is not available, Splunk automatically increments the port and tries again (8090, 8091, etc.). It uses the first available port number that it finds.

This option is often used when installing the Universal Forwarder because we usually don't care which port is assigned to splunkd.

View solution in original post

Reply
Solved! Jump to solution
Solution

lguinn2
Legend
‎07-08-2017 07:58 PM

I believe that the auto-ports option still works in the latest version (6.6) of Splunk. What it does:

Splunk begins with the default port number for splunkd (8089 unless you have also changed the default). If that port is available, Splunk uses it for splunkd. However, if the port is not available, Splunk automatically increments the port and tries again (8090, 8091, etc.). It uses the first available port number that it finds.

This option is often used when installing the Universal Forwarder because we usually don't care which port is assigned to splunkd.

Reply
Solved! Jump to solution

rvany
Communicator
‎07-09-2017 04:17 AM

One additional question:

In the universal forwarder installation script this parameter is used in conjunction with "splunk set deploy-poll". Does this make sense? I would say this port is fixed/given by the configuration of the deployment-server.

0 Karma
Reply
Solved! Jump to solution

lguinn2
Legend
‎07-09-2017 10:21 PM

No - the port given for the deployment server is the deployment server's management port. This is completely unrelated to auto-ports or the forwarder's own management port.

0 Karma
Reply
Solved! Jump to solution

rvany
Communicator
‎07-09-2017 02:43 AM

Thank you. I added some feedback to the respective documentation so this information could be added there.

0 Karma
Reply
Solved! Jump to solution

malmoore
Splunk Employee
Splunk Employee
‎07-21-2017 01:26 PM

Thanks for that feedback. We'll get the documentation updated with this information shortly.

0 Karma
Reply
Get Updates on the Splunk Community!

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer at Splunk .conf24 ...

We’re excited to announce a new Splunk certification exam being released at .conf24! If you’re headed to Vegas ...

Share Your Ideas & Meet the Lantern team at .Conf! Plus All of This Month’s New ...

Splunk Lantern is Splunk’s customer success center that provides advice from Splunk experts on valuable data ...

Combine Multiline Logs into a Single Event with SOCK: a Step-by-Step Guide for ...

Combine multiline logs into a single event with SOCK - a step-by-step guide for newbies Olga Malita The ...