Splunk Search

We have an app on a server for which we want to send logs to splunk.

samqadir
New Member

We have an app on a server for which we want to send logs to splunk. The splunk host is listening on 9997 while our server is sending data via inconsistent ports. We want to make splunk forwarder to use 9997 to send data to splunk host server.

LocalAddress LocalPort RemoteAddress RemotePort State AppliedSetting OwningProcess
XXXXXXXXX.13 65518(This changes) XXXXXXXXXXXX 9997 Established Internet splunkd.exe

Please help what we need to do so that the local port is listening to forwarders on 9997 to send data to host on their 9997 port.

Tags (1)
0 Karma

xpac
SplunkTrust
SplunkTrust

The Port used to initiate a connection from is random for several reasons, and this behaviour is common practice.

Splunk doesn't offer a config parameter to change this, and (if I remember correctly) is behavior determined on a lower level (C library/operating system).

I can't think of a good reason to force this to be a fixed port - maybe you can explain why you want to do this? Maybe we can find an alternative, or there is simply a misunderstanding in how this is supposed to work?

0 Karma
Get Updates on the Splunk Community!

See just what you’ve been missing | Observability tracks at Splunk University

Looking to sharpen your observability skills so you can better understand how to collect and analyze data from ...

Weezer at .conf25? Say it ain’t so!

Hello Splunkers, The countdown to .conf25 is on-and we've just turned up the volume! We're thrilled to ...

How SC4S Makes Suricata Logs Ingestion Simple

Network security monitoring has become increasingly critical for organizations of all sizes. Splunk has ...