I have Splunk Enterprise installed on a local macOS device for testing. I get the DNS traffic into Splunk.
I have tried the GUI to add a UDP port 53 data input, but receive this problem: Parameter name: UDP port 53 is not available.
I have also tried: sudo /Applications/Splunk/bin/splunk add udp 53
Parameter name: UDP port 53 is not available.
and this: sudo /Applications/Splunk/bin/splunk enable listen 53
Parameter name: TCP port 53 is not available.
I understand ports below 1024 must be root; however, I don't want to run Splunk as root, and I am not sure this is the problem.
Can someone please confirm if I have to run Splunk as root to be able to listen to my own local ports, or do I have some other issue, and what are some options to get local ports < 1024 into Splunk?