Splunk Stream Listen Localhost and Local Interface

Getting Data In

Hi, I try to listen local network adapter and localhost traffic. For that I am using splunk stream on windows 10 machine. But I noticed splunk stream doesn’t capture traffic localhost and network adapters same time. Is there a any bug ? Or that’s normal ?
My main purpose is listen TDS traffics. If I write adapters names one by one is that works.
For example in streamfwd.conf

[streamfwd]
port = 8889
ipAddr = 127.0.0.1
streamfwdcapture.0.interface = \Device\NPF_{D4BEDB74-F8CD-4A72-8615-ABF1E3E8823B}

Thats work. Also that’s work.

[streamfwd]
port = 8889
ipAddr = 127.0.0.1
streamfwdcapture.0.interface = \Device\NPF_Loopback

But that doesn’t work.

[streamfwd]
port = 8889
ipAddr = 127.0.0.1
streamfwdcapture.0.interface = \Device\NPF_{D4BEDB74-F8CD-4A72-8615-ABF1E3E8823B}
streamfwdcapture.1.interface = \Device\NPF_Loopback

How can I fix this. I have to listen all interfaces.

Get Updates on the Splunk Community!

How to find the worst searches in your Splunk environment and how to fix them

Everyone knows Splunk is a powerful platform for running searches and doing data analytics. Your ...

Share Your Feedback: On Admin Config Service (ACS)!

Help Us Build a Better Admin Config Service Experience (ACS) We Want Your Feedback on Admin Config Service ...

Build the Future of Agentic AI: Join the Splunk Agentic Ops Hackathon

AI is changing how teams investigate incidents, detect threats, automate workflows, and build intelligent ...