Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Setting up Splunk receiver through TCP/IP

Caio_Santos
Path Finder
‎09-13-2010 08:42 PM

Hey everybody,

I'm going through some problems trying to set my receiver splunk instance. I performed exactely the ways which is described on the documantation, although Im still getting one error when I attempt to save my new date TCP input.

That's the error:

Encountered the following error while trying to save: In handler 'raw': TCP port 333 is not available.

As I said before, I followed each step on the docs, but for sure I'm missing something. I am sorry if I am being an ignorant, but I'm just starting with splunk.

Thank you in advance.

Tags (1)
Reply
2 Solutions
Solved! Jump to solution
Solution

southeringtonp
Motivator
‎09-13-2010 08:51 PM

Is something else running on port 333 already? At the command line, try running netstat -an to check.

Also, if you are running Splunk as a non-root user, Splunk will not be able to bind to ports below 1024, as those ports are considered privileged.

Do you have the same problem with other port numbers, especially with port numbers above 1024?

View solution in original post

Reply
Solved! Jump to solution
Solution

Genti
Splunk Employee
Splunk Employee
‎09-13-2010 09:09 PM

Caio, is this on a unix box?
If so, there might be a permission issue as only root can open ports under 1024.
You can try listening to tcp on a higher port, say 9001. Let us know if you get similar errors then.
Cheers,
.gz

View solution in original post

Reply
Solved! Jump to solution
Solution

Genti
Splunk Employee
Splunk Employee
‎09-13-2010 09:09 PM

Caio, is this on a unix box?
If so, there might be a permission issue as only root can open ports under 1024.
You can try listening to tcp on a higher port, say 9001. Let us know if you get similar errors then.
Cheers,
.gz

Reply
Solved! Jump to solution
Solution

southeringtonp
Motivator
‎09-13-2010 08:51 PM

Is something else running on port 333 already? At the command line, try running netstat -an to check.

Also, if you are running Splunk as a non-root user, Splunk will not be able to bind to ports below 1024, as those ports are considered privileged.

Do you have the same problem with other port numbers, especially with port numbers above 1024?

Reply
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...