Other Usage

How to configure a receiver to listen on port 9997 when trying to receive data from a remote machine on the local network?

rogue_carrot
Communicator

Hello Team Splunk!

I am trying to receive data from a remote machine on the local network. In order to do so I configured a receiver to listen on port 9997. This is shown below in Figure 1. However, when I check netstat I see that the port is not actually listening for incoming connections, Figure 2. Does anyone know what is going wrong?

Also, I should I mention that I am using Splunk 6.0 on Windows 7 operating system (OS).
alt text
Figure 1: Splunk set to listen on 9997

alt text
Figure 2: Ports with 999 not open

0 Karma
1 Solution

xpac
SplunkTrust
SplunkTrust

As you're on Windows - use netstat -a to actually show listening ports - it doesn't show them by default.

Hope that helps - if it does I'd be happy if you would upvote/accept this answer, so others could profit from it. 🙂

View solution in original post

xpac
SplunkTrust
SplunkTrust

As you're on Windows - use netstat -a to actually show listening ports - it doesn't show them by default.

Hope that helps - if it does I'd be happy if you would upvote/accept this answer, so others could profit from it. 🙂

rogue_carrot
Communicator

Thank-you for the help with this.

0 Karma

wyomoose
Engager

Gonna maybe revive this thread. We are using RHEL 8.6 and we have Splunk Enterprise running and configured to listen on port 9997, we added it to the firewall with firewall-cmd and still netstat -l | grep 9997 returns nothing. We have tried different variations of netstat they all return zero. Also systemctl status splunk.service doesn't show the service using port 9997. Any suggestion do we need to add 9997 to the service somehow? If so how. Have set Splunk up on other RHEL 8 servers before no problem but something about this one seems different. Also the inputs.conf shows [splunktcp:\\9997] disabled=0. Any help is appreciated.

0 Karma
Get Updates on the Splunk Community!

Extending Observability Content to Splunk Cloud

Watch Now!   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...

New in Observability Cloud - Explicit Bucket Histograms

Splunk introduces native support for histograms as a metric data type within Observability Cloud with Explicit ...