Splunk Search

We have an app on a server for which we want to send logs to splunk.

samqadir
New Member

We have an app on a server for which we want to send logs to splunk. The splunk host is listening on 9997 while our server is sending data via inconsistent ports. We want to make splunk forwarder to use 9997 to send data to splunk host server.

LocalAddress LocalPort RemoteAddress RemotePort State AppliedSetting OwningProcess
XXXXXXXXX.13 65518(This changes) XXXXXXXXXXXX 9997 Established Internet splunkd.exe

Please help what we need to do so that the local port is listening to forwarders on 9997 to send data to host on their 9997 port.

Tags (1)
0 Karma

xpac
SplunkTrust
SplunkTrust

The Port used to initiate a connection from is random for several reasons, and this behaviour is common practice.

Splunk doesn't offer a config parameter to change this, and (if I remember correctly) is behavior determined on a lower level (C library/operating system).

I can't think of a good reason to force this to be a fixed port - maybe you can explain why you want to do this? Maybe we can find an alternative, or there is simply a misunderstanding in how this is supposed to work?

0 Karma
Get Updates on the Splunk Community!

Optimize Cloud Monitoring

  TECH TALKS Optimize Cloud Monitoring Tuesday, August 13, 2024  |  11:00AM–12:00PM PST   Register to ...

What's New in Splunk Cloud Platform 9.2.2403?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.2.2403! Analysts can ...

Stay Connected: Your Guide to July and August Tech Talks, Office Hours, and Webinars!

Dive into our sizzling summer lineup for July and August Community Office Hours and Tech Talks. Scroll down to ...