Security

Unable to (sometimes) login

Reid_splunk
New Member

During this past week there have occassionally been times when I have tried to log into Splunk and wasn't able to. I have been able to get around the issue by restarting splunkd. Another time I used another browser and that worked. The account I'm using is through LDAP. To test my sanity, I have been copying and pasting the password into one service that also uses LDAP to authenticate. When I copy and paste into Splunk, it doesn't always work. The error I get is simply. "Invalid Username or Password".

I can't think of what network or splunk issues would be causing this. Any info would be appreciated.

Thanks!

0 Karma

kevinalzaga
Observer

Hi @jensonthottian

Where can I find _internal logs? I am having the same issue as well. With the error below upon checking /opt/splunk/var/log/splunk/audit.log

02-26-2019 14:46:03.762 +0000 INFO AuditLogger - Audit:[timestamp=02-26-2019 14:46:03.762, user=galzaga!, action=login attempt, info=failed, src=172.21.3.47][n/a]

0 Karma

jensonthottian
Contributor

Can you check in the splunk _internal logs for error related to your login. I faced a similiar issue and was able to confirm the root cause as connection getting dropped with the LDAP server.

The error in the _internal logs during the same time will confirm this.

Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...