- Splunk Answers
- :
- Splunk Administration
- :
- Getting Data In
- :
- "splunk offline" command prompts for username and ...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
"splunk offline" command prompts for username and password. How to bypass it without providing the password in an rc script?
Hello,
I am trying to setup a rc script on our indexer so that Splunk does 'splunk offline' whenever the indexer is being shutdown or rebooted.
Issue is, when 'splunk offline' is issued, it is prompting for username and password. I know I can provide -auth admin:password, but then I end up hard coding that in my rc script. Is there some other way?
Thanks,
Simon Mandy
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
A good practice is to share the same secret key in your Splunk environment.
Then you can encrypt / decrypt hash password using the secret key.
In your script development, you can just load the hash password value from a config file of your own, or even store it in splunk-launch.conf, then undecrypt its value in the script and finally launch your command
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
are you referring to pass4SymmKey under [general] in server.conf? I do have this setup as same across servers.
Now how do i perform encrypt and decrypt in my shell script? using openssl ?
Can you give me an example please?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Sure:
To encrypt a password:
echo -n "myclearpassword" |openssl bf -e -a -pass file:/opt/splunk/etc/auth/splunk.secret
To decrypt:
echo "myhashed_password" | openssl enc -base64 -d | openssl bf -d -pass file:/opt/splunk/etc/auth/splunk.secret
Regards,
Guilhem
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
There used to be a hack that worked but it was a bug and Splunk fixed it. I know of no way to access splunk's "passworded" capabilities without giving a password. I would look at setting up an account that does not auto-logoff and then see if you can federate Splunk with Single-Sign-On. That way you can sign on once, and never sign out and keep using this user.
Extending Observability Content to Splunk Cloud
More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!
New in Observability Cloud - Explicit Bucket Histograms
