Installation
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Configuration for port 9997 already exists.

jaxxsplunk
Explorer
‎01-25-2016 06:30 PM

Setting up SPLUNK Reciever
I get the following error - Configuration for port 9997 already exists.
Netstat shows that port 9997 is listening
SHould I simply choose another port or is SPLUNK already using this port? (How can I check that?)

Tags (1)
0 Karma
Reply

esix_splunk
Splunk Employee
Splunk Employee
‎01-25-2016 11:50 PM

If you only have a single instance of Splunk on your machine, chances are you configured the input but perhaps its not in the normal system configuration location. The configuration should still see it, you can check

*Settings -> Forwarding and Receiving -> Configure Receiving *

Alternatively, from the CLI you can do

$splunk_home/bin/splunk btool inputs list splunktcp --debug

Run that from the bin directory where Splunk is installed. That will show you all splunkTCP inputs configured and the configuration file it exists in. You can remediate from there.

0 Karma
Reply

boopaljothi
Explorer
‎01-25-2016 08:08 PM

if you see this you already have instance listening. choose different port for your use

netstat -an | find "9997"
TCP 0.0.0.0:9997 0.0.0.0:0 LISTENING
TCP 10.0.0.35:9997 10.0.0.9:49965 ESTABLISHED

0 Karma
Reply

renjith_nair
Legend
‎01-25-2016 07:53 PM

If 9997 is already listening, you have a splunk instance running , probably with a different user

Try this to get the process id

 lsof -i TCP:9997
---
What goes around comes around. If it helps, hit it with Karma 🙂
0 Karma
Reply

jaxxsplunk
Explorer
‎01-25-2016 08:22 PM

Thanks. Splunk Indexer (Receiver) is listening on port 9997.
Thanks.
I installed a forwarder on a Windows 7 client....not getting any data to Receiver (On a windows server).
I have the free version of SPLUNK to become more familiar with it.
Tried the CLI to start the forwarder to send data to receiver...nothing is being shipped.
Any help is appreciated. Still reading the various docs at Splunk's site.

0 Karma
Reply

renjith_nair
Legend
‎01-25-2016 09:29 PM

Are these on two different windows server? Is the port open on the firewall ? What you see in splunkd logs on the forwarder?

---
What goes around comes around. If it helps, hit it with Karma 🙂
0 Karma
Reply
Get Updates on the Splunk Community!

Splunk AI Assistant for SPL | Key Use Cases to Unlock the Power of SPL

Splunk AI Assistant for SPL | Key Use Cases to Unlock the Power of SPL  The Splunk AI Assistant for SPL ...

Buttercup Games: Further Dashboarding Techniques (Part 5)

This series of blogs assumes you have already completed the Splunk Enterprise Search Tutorial as it uses the ...

Customers Increasingly Choose Splunk for Observability

For the second year in a row, Splunk was recognized as a Leader in the 2024 Gartner® Magic Quadrant™ for ...
Top