
Enable a receiver for Splunk Enterprise
A receiver is a Splunk software instance that is configured to listen on a specific port for incoming communications from a forwarder. Usually, the receiver is an indexer or a cluster of indexers.
For Splunk Enterprise forwarder and indexer compatibility see Compatibility between forwarders and Splunk Enterprise indexers in the Splunk Products Version Compatibility Matrix manual.
Sometimes the receiver is another forwarder, which is called an intermediate forwarder. To learn more about how intermediate forwarders work, see Configure an intermediate forwarder.
A Splunk Cloud receiving port is configured and enabled by default. Instead, you need credentials to access it. See [http://docs.splunk.com/Documentation/Forwarder/8.2.6/Forwarder/ConfigSCUFCredentials Install and configure The Splunk Cloud universal forwarder credentials package].
Configure a receiver using Splunk Web
Use Splunk Web to configure a receiver:
- Log into Splunk Web as a user with the admin role.
- In Splunk Web, go to Settings > Forwarding and receiving.
- Select "Configure receiving."
- Verify if there are existing receiver ports open. You cannot create a duplicate receiver port. The conventional receiver port configured on indexers is port
9997
. - Optionally select "New Receiving Port."
- Add a port number and save.
Splunk Web is only available with Splunk Enterprise, not the universal forwarder.
Configure a receiver using the command line
Use the command line interface (CLI) to configure a receiver:
- Open a shell prompt
- Change the path to $SPLUNK_HOME/bin
- Type:
splunk enable listen <port> -auth <username>:<password>
. - Restart Splunk software for the changes to take effect.
*nix example | Windows example |
---|---|
./splunk enable listen 9997 -auth admin:password |
splunk enable listen 9997 -auth admin:password |
Configure a receiver using a configuration file
Configure a receiver using the inputs.conf
file:
- Open a shell prompt
- Change the path to
$SPLUNK_HOME/etc/system/local
. - Edit the
inputs.conf
file. - Create a
[splunktcp]
stanza and define the receiving port. Example:[splunktcp://9997] disabled = 0
- Save the file.
- Restart Splunk software for the changes to take effect.
PREVIOUS Uninstall the universal forwarder |
NEXT Install and configure the Splunk Cloud Platform universal forwarder credentials package |
This documentation applies to the following versions of Splunk® Universal Forwarder: 8.2.6, 8.2.7, 8.2.8, 8.2.9, 8.2.10, 8.2.11, 8.2.12, 9.0.0, 9.0.1, 9.0.2, 9.0.3, 9.0.4, 9.0.5, 9.0.6, 9.0.7, 9.1.0, 9.1.1, 9.1.2
Feedback submitted, thanks!