Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Splunk Stream Listen Localhost and Local Interface

batabay
Path Finder
‎07-10-2023 02:17 AM

Hi, I try to listen local network adapter and localhost traffic. For that I am using splunk stream on windows 10 machine. But I noticed splunk stream doesn’t capture traffic localhost and network adapters same time. Is there a any bug ? Or that’s normal ?
My main purpose is listen TDS traffics. If I write adapters names one by one is that works.
For example in streamfwd.conf

 

 

 

[streamfwd]
port = 8889
ipAddr = 127.0.0.1
streamfwdcapture.0.interface = \Device\NPF_{D4BEDB74-F8CD-4A72-8615-ABF1E3E8823B}

 

 

 


Thats work. Also that’s work.

 

 

 

[streamfwd]
port = 8889
ipAddr = 127.0.0.1
streamfwdcapture.0.interface = \Device\NPF_Loopback

 

 

 


But that doesn’t work.

 

 

 

[streamfwd]
port = 8889
ipAddr = 127.0.0.1
streamfwdcapture.0.interface = \Device\NPF_{D4BEDB74-F8CD-4A72-8615-ABF1E3E8823B}
streamfwdcapture.1.interface = \Device\NPF_Loopback

 

 

 


How can I fix this. I have to listen all interfaces.

Tags (2)
0 Karma
Reply
Get Updates on the Splunk Community!

Observe and Secure All Apps with Splunk

  Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

Splunk Decoded: Business Transactions vs Business IQ

It’s the morning of Black Friday, and your e-commerce site is handling 10x normal traffic. Orders are flowing, ...

Fastest way to demo Observability

I’ve been having a lot of fun learning about Kubernetes and Observability. I set myself an interesting ...