
Enable a receiver for Splunk Enterprise
A receiver is a Splunk software instance that is configured to listen on a specific port for incoming communications from a forwarder. Usually, the receiver is an indexer or a cluster of indexers.
Sometimes the receiver is another forwarder, which is called an intermediate forwarder. To learn more about how intermediate forwarders work, see Configure an intermediate forwarder.
A Splunk Cloud receiving port is configured and enabled by default. Instead, you need credentials to access it. See Install and configure The Splunk Cloud universal forwarder credentials package.
Configure a receiver using Splunk Web
Use Splunk Web to configure a receiver:
- Log into Splunk Web as a user with the admin role.
- In Splunk Web, go to Settings > Forwarding and receiving.
- Select "Configure receiving."
- Verify if there are existing receiver ports open. You cannot create a duplicate receiver port. The conventional receiver port configured on indexers is port
9997
. - Select "New Receiving Port."
- Add a port number and save.
Splunk Web is only available with Splunk Enterprise, not the universal forwarder.
Configure a receiver using the command line
Use the command line interface (CLI) to configure a receiver:
- Open a shell prompt
- Change the path to $SPLUNK_HOME/bin
- Type:
splunk enable listen <port> -auth <username>:<password>
. - Restart Splunk software for the changes to take effect.
*nix example | Windows example |
---|---|
./splunk enable listen 9997 -auth admin:password |
splunk enable listen 9997 -auth admin:password |
Configure a receiver using a configuration file
Configure a receiver using the inputs.conf
file:
- Open a shell prompt
- Change the path to
$SPLUNK_HOME/etc/system/local
. - Edit the
inputs.conf
file. - Create a
[splunktcp]
stanza and define the receiving port. Example:[splunktcp://9997] disabled = 0
- Save the file.
- Restart Splunk software for the changes to take effect.
PREVIOUS Install a *nix universal forwarder |
NEXT Install and configure the Splunk Cloud Platform universal forwarder credentials package |
This documentation applies to the following versions of Splunk® Universal Forwarder: 8.2.6
Feedback submitted, thanks!