During this past week there have occassionally been times when I have tried to log into Splunk and wasn't able to. I have been able to get around the issue by restarting splunkd. Another time I used another browser and that worked. The account I'm using is through LDAP. To test my sanity, I have been copying and pasting the password into one service that also uses LDAP to authenticate. When I copy and paste into Splunk, it doesn't always work. The error I get is simply. "Invalid Username or Password".
I can't think of what network or splunk issues would be causing this. Any info would be appreciated.
Thanks!
Hi @jensonthottian
Where can I find _internal logs? I am having the same issue as well. With the error below upon checking /opt/splunk/var/log/splunk/audit.log
02-26-2019 14:46:03.762 +0000 INFO AuditLogger - Audit:[timestamp=02-26-2019 14:46:03.762, user=galzaga!, action=login attempt, info=failed, src=172.21.3.47][n/a]
Can you check in the splunk _internal logs for error related to your login. I faced a similiar issue and was able to confirm the root cause as connection getting dropped with the LDAP server.
The error in the _internal logs during the same time will confirm this.