Splunk Search

We have an app on a server for which we want to send logs to splunk.

samqadir
New Member

We have an app on a server for which we want to send logs to splunk. The splunk host is listening on 9997 while our server is sending data via inconsistent ports. We want to make splunk forwarder to use 9997 to send data to splunk host server.

LocalAddress LocalPort RemoteAddress RemotePort State AppliedSetting OwningProcess
XXXXXXXXX.13 65518(This changes) XXXXXXXXXXXX 9997 Established Internet splunkd.exe

Please help what we need to do so that the local port is listening to forwarders on 9997 to send data to host on their 9997 port.

Tags (1)
0 Karma

xpac
SplunkTrust
SplunkTrust

The Port used to initiate a connection from is random for several reasons, and this behaviour is common practice.

Splunk doesn't offer a config parameter to change this, and (if I remember correctly) is behavior determined on a lower level (C library/operating system).

I can't think of a good reason to force this to be a fixed port - maybe you can explain why you want to do this? Maybe we can find an alternative, or there is simply a misunderstanding in how this is supposed to work?

0 Karma
Get Updates on the Splunk Community!

.conf24 | Day 0

Hello Splunk Community! My name is Chris, and I'm based in Canberra, Australia's capital, and I travelled for ...

Enhance Security Visibility with Splunk Enterprise Security 7.1 through Threat ...

 (view in My Videos)Struggling with alert fatigue, lack of context, and prioritization around security ...

Troubleshooting the OpenTelemetry Collector

  In this tech talk, you’ll learn how to troubleshoot the OpenTelemetry collector - from checking the ...