My Splunk Enterprise don't accept telnet or tcp (m...

Cyner__ · ‎06-07-2024

Hi. I am new to splunk. I have configured everything. I am trying to solve this issue for 2 days.

I have universal forwerder on the ubuntu server with different network. I have downloaded splunk enterprise to my windows 10 computer.

My port 9997 is enabled. Firewall is disabled. Even with zyxel interface i bypassed the port 9997.

My splunk is listening on port 9997.

The thing is with telnet from any other source to my computer (i tried with both my mobile internet and UF client) is still getting denied.

How should i proceed to make it work. Im stuck so bad

Thanks for your helps

this is the mobile internet test with Test-NetConnections to my pc (splunk server i guess)

ComputerName : x.x.x.x <desired.connection>

RemoteAddress : x.x.x.x <desired connection>
RemotePort : 9997
InterfaceAlias : Wi-Fi
SourceAddress : X.x.x.x <my ip>
PingSucceeded : False
PingReplyDetails (RTT) : 0 ms
TcpTestSucceeded : False

tscroggins · ‎06-08-2024

Hi @Cyner__,

If both devices are connected to your Zyxel access point / router using WiFi, make sure layer-2 isolation is correctly configured for the devices to communicate. You should be able to find instructions for configuring isolation white lists in your Zyxel documentation.

inventsekar · ‎06-07-2024

Hi @Cyner__

from the UF, are you able to ping the indexer?

from the UF to indexer, is telnet working fine?

telnet index:9997 .. is it working fine or not..

My Splunk Enterprise don't accept telnet or tcp (my computer) from different networks

universal forwarder

Windows

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

Splunk Community Badges!

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

Join the Conversation