Archive
Highlighted

Configuration for port 9997 already exists.

New Member

Setting up SPLUNK Reciever
I get the following error - Configuration for port 9997 already exists.
Netstat shows that port 9997 is listening
SHould I simply choose another port or is SPLUNK already using this port? (How can I check that?)

Tags (1)
0 Karma
Highlighted

Re: Configuration for port 9997 already exists.

SplunkTrust
SplunkTrust

If 9997 is already listening, you have a splunk instance running , probably with a different user

Try this to get the process id

 lsof -i TCP:9997
0 Karma
Highlighted

Re: Configuration for port 9997 already exists.

New Member

Thanks. Splunk Indexer (Receiver) is listening on port 9997.
Thanks.
I installed a forwarder on a Windows 7 client....not getting any data to Receiver (On a windows server).
I have the free version of SPLUNK to become more familiar with it.
Tried the CLI to start the forwarder to send data to receiver...nothing is being shipped.
Any help is appreciated. Still reading the various docs at Splunk's site.

0 Karma
Highlighted

Re: Configuration for port 9997 already exists.

SplunkTrust
SplunkTrust

Are these on two different windows server? Is the port open on the firewall ? What you see in splunkd logs on the forwarder?

0 Karma
Highlighted

Re: Configuration for port 9997 already exists.

Explorer

if you see this you already have instance listening. choose different port for your use

netstat -an | find "9997"
TCP 0.0.0.0:9997 0.0.0.0:0 LISTENING
TCP 10.0.0.35:9997 10.0.0.9:49965 ESTABLISHED

0 Karma
Highlighted

Re: Configuration for port 9997 already exists.

Splunk Employee
Splunk Employee

If you only have a single instance of Splunk on your machine, chances are you configured the input but perhaps its not in the normal system configuration location. The configuration should still see it, you can check

*Settings -> Forwarding and Receiving -> Configure Receiving *

Alternatively, from the CLI you can do

$splunk_home/bin/splunk btool inputs list splunktcp --debug

Run that from the bin directory where Splunk is installed. That will show you all splunkTCP inputs configured and the configuration file it exists in. You can remediate from there.

0 Karma