Splunk Http Event Collector Socket Error


I've been trying for a few days now to setup a HEC on a Splunk Heavy Forwarder and having issues with the splunkd process binding to the default tcp/8088 port.

I can see this error within the splunkd.log

FATAL HTTPServer - Could not bind to port 8088

However, I can verify that my localhost is listening on the port

netstat -tulpn | grep 8088
tcp      129      0  *               LISTEN      13924/splunkd

Also you can notice the queue filling up on that port

I've configured the Splunk HEC global settings on the Splunk Web UI already and enabled the http input in the inputs.conf file already.
I've configured to accept connections over SSL and enabled those settings also within the inputs.conf file as well

enableSSL = 1
#requireClientCert = false
#privKeyPath = /opt/splunk/etc/auth/splunk-certs/splunkforwarder.key
serverCert = /opt/splunk/etc/auth/splunk-certs/splunkforwarder.pem
#rootCA = /opt/splunk/etc/auth/splunk-certs/ca-chain.pem

Any help would be greatly appreciated!

0 Karma


I'm like 90% sure it has to do with a SSL issue, I just can't seem to pinpoint where to look.

0 Karma
Get Updates on the Splunk Community!

Splunk Training for All: Meet Aspiring Cybersecurity Analyst, Marc Alicea

Splunk Education believes in the value of training and certification in today’s rapidly-changing data-driven ...

The Splunk Success Framework: Your Guide to Successful Splunk Implementations

Splunk Lantern is a customer success center that provides advice from Splunk experts on valuable data ...

Investigate Security and Threat Detection with VirusTotal and Splunk Integration

As security threats and their complexities surge, security analysts deal with increased challenges and ...