Getting Data In

metrics statsd

asabatini23
Explorer

Hi,

I configured my statsd deamon and splunk to the same instance, I configured the stats deamon on the port 8125.

When I try to configure the UDP input on splunk I received this message:

Parameter name: UDP port 8125is not available.

why

Tags (2)
0 Karma

13tsavage
Communicator

What steps are you doing to configure your statsd daemon input? Have you got splunk installed and running before setting up your input?

0 Karma

asabatini23
Explorer

Yes, my splunk is up and works fine, also my statsd deamon works fine because receive metrics from mother hosts, only the input on splunk doesn't works, I understand the statsd and splunk use the same port but I only follow the documentation.

https://docs.splunk.com/Documentation/Splunk/8.0.1/Metrics/GetMetricsInStatsd

0 Karma

13tsavage
Communicator

So this error is appearing when you attempt to add the UDP port 8125 monitor input. I am assuming that UDP port is being used by statsd as you had stated. From the error, it sounds like splunk is trying to use udp port 8125 instead of monitor.

Have you tried adding a udp stanza to an inputs.conf file directly?

Give this a try. See Configure a UDP input in Get data from TCP and UDP ports. It is best practice to create a new app in /etc/apps for this new data source, but just try adding that [udp://..] stanza to $SPLUNK_HOME/etc/system/local/inputs.conf. After you add the stanza make sure to restart splunk, and check if that works.

0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...