×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
joel_roberts
Engager
Member since: ‎03-21-2016
‎06-05-2020
Community Statistics
Posts 1
Solutions 0
Karma Given 1
Karma Received 1
Member Since ‎03-21-2016
Topics I've Started
No posts to display.
View All

Re: 6.2 Forwarder Configuration on Linux: Why am I...

by in Getting Data In
‎12-10-2020 03:20 AM
‎12-10-2020 03:20 AM
I was getting the same error message when I tried to ingest data from CheckPoint LogExporter Log Server to Intermediate Heavy Forwarder. I tried to use port numbers below 1024 and 9997. It is not mentioned anywhere in the documentation that you can't use these ports to ingest data from LogExporter to Splunk. It turned-out that you can't use port numbers below 1024 if you are not running as "root" or "root privileges". You can't also use port 9997, because it's reserved for "cooked" data ingestion from Splunk Forwarder to indexer or heavy forwarder. In the end, I chose port 18188 and it worked. I hope that this info helps someone who runs into the same problem as I did. ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:04 AM
Karma from
View All
Karma given to
View All