Greetings,
I have a Synology as the host for my Docker container environment.
I have Splunk installed and running fine. (Host Network)
I have installed the Splunk forwarder App and docker container. (Bridge Network)
Local port TCP <<<<<>>>>> Container Port TCP
1088 <<<<<>>>>> 8088
1089 <<<<<>>>>> 8089
1997 <<<<<>>>>> 9997
The question is about the ports being used for both Splunk and the forwarder.
It says per the wiki that I need to open port 9997 on both containers, which you can't since they are going to conflict.
Links:
https://splunk.github.io/docker-splunk/SETUP.html#install
I already have the Pi-hole log file ready and good to go:
/volume1/docker/Pi-hole/var/log/pihole.log
And I got the forwarder input conf file ready as well
/volume1/docker/Splunk/Splunk-FWD/opt/splunkforwarder/etc/system/local/inputs.conf
And here is its content:
[splunktcp://9997]
disabled = 0
[monitor:/volume1/docker/Pi-hole/var/log/pihole.log]
whitelist = pihole\.lo.+
disabled = false
sourcetype = pihole:log
Here, as you see, the port for Splunk is listening:
root@Synology:~# netstat -plnt | grep ':9997'
tcp 0 0 0.0.0.0:9997 0.0.0.0:* LISTEN 29533/splunkd
Any idea how to get it working, or whether I am missing something?
Thanks
Anas