Splunk Http Event Collector Socket Error


I've been trying for a few days now to setup a HEC on a Splunk Heavy Forwarder and having issues with the splunkd process binding to the default tcp/8088 port.

I can see this error within the splunkd.log

FATAL HTTPServer - Could not bind to port 8088

However, I can verify that my localhost is listening on the port

netstat -tulpn | grep 8088
tcp      129      0  *               LISTEN      13924/splunkd

Also you can notice the queue filling up on that port

I've configured the Splunk HEC global settings on the Splunk Web UI already and enabled the http input in the inputs.conf file already.
I've configured to accept connections over SSL and enabled those settings also within the inputs.conf file as well

enableSSL = 1
#requireClientCert = false
#privKeyPath = /opt/splunk/etc/auth/splunk-certs/splunkforwarder.key
serverCert = /opt/splunk/etc/auth/splunk-certs/splunkforwarder.pem
#rootCA = /opt/splunk/etc/auth/splunk-certs/ca-chain.pem

Any help would be greatly appreciated!

0 Karma


I'm like 90% sure it has to do with a SSL issue, I just can't seem to pinpoint where to look.

0 Karma
Did you miss .conf21 Virtual?

Good news! The event's keynotes and many of its breakout sessions are now available online, and still totally FREE!