Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Correct format for specifying network inputs

termcap
Path Finder
‎06-10-2021 09:44 PM

Hi,

The Splunk documentation for inputs.conf presents the format to add a network input as follows [Notice the ":" before the port number]

 

[tcp://:9995]
connection_host = dns
sourcetype = log4j
source = tcp:9995

 

 I went ahead and added a network input from Splunk Web and checked the inputs.conf file and found a different format as shown below. [Notice the lack of ":" before 1333]

 

[tcp://1333]
connection_host = dns
host = splunk-indx1
sourcetype = log4php

 

 So what is the appropriate format ?

Thanks,

Termcap

Labels (1)
Labels
0 Karma
Reply

venkatasri
SplunkTrust
SplunkTrust
‎06-10-2021 10:03 PM

Hi @termcap 

An example from inputs.conf spec below, however i find your both settings should work fine.

 

# The following configuration listens on TCP port 9995 for raw
# data from ANY remote server. The host of the data is set as the host name of
# the remote server.  All data will also be assigned the sourcetype "log4j" and
# the source "tcp:9995".
[tcp://:9995]
connection_host = dns
sourcetype = log4j
source = tcp:9995

 

 

-----

An upvote would be appreciated if it helps!

0 Karma
Reply

termcap
Path Finder
‎06-10-2021 10:10 PM

Hi @venkatasri, I think both are indeed working fine, but I'm just wondering what is the reason for the difference in the documentation and the way Splunk web writes the configuration file when a network input is added.

0 Karma
Reply

venkatasri
SplunkTrust
SplunkTrust
‎06-10-2021 10:16 PM

Could be a backward compatibility they both are same without remote_server port just listens on every host available that's the purpose.  

0 Karma
Reply
Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Dynamic formatting from XML events

This challenge was first posted on Slack #puzzles channelFor a previous puzzle, I needed a set of fixed-length ...

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

  🚀 Your data just got a serious AI upgrade — are you ready? Say hello to the Agentic Era with the ...

Stronger Security with Federated Search for S3, GCP SQL & Australian Threat ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...