All Apps and Add-ons

Unable to login from forwarder to Splunk server

umustafa_1985
New Member

Splunk server ip = 192.168.153.139
Forwarder IP = 192.168.153.133

/opt/splunkforwarder/bin/splunk cmd /opt/splunkforwarder/etc/apps/Splunk_TA_nix/bin/setup.sh

Im trying to install Splunk for unix and linux on Forwarder . When i do this

*** Splunk> nix command-line setup > REMOTE LOGIN **

Please enter the full URI for the
remote server
for example,
'https://remotehost:8089'
Enter URI: http://192.168.153.139:8089
connecting to the remote server
'http://192.168.153.139:8089'
enter your credentials to the remote
server below:

Splunk username: admin Password: Login
failed Login Failed

remote login failed

Press Enter to continue

Still i continued and it gave me multiple options

*** Splunk> nix command-line setup > MAIN MENU **

You are currently managing Splunk server 'rhel-test'

Please choose from one of the following options:

1 - show *nix input status
2 - manage *nix inputs
3 - install/upgrade app
4 - change credentials
5 - connect to remote instance

0 - logout and exit program

Enter selection:

i selected 2 . and it gave me more options

*** Splunk> nix command-line setup > MANAGE INPUTS **

You are currently managing Splunk server 'rhel-test'

Please choose from one of the following options:

1 - manage one input
2 - enable all inputs
3 - disable all inputs
4 - go back to main menu

0 - logout and exit program

Enter selection:

Again i selected 2 and accepted. But this time it slapped me with this error

enabling /Library/Logs
enable failed

enabling ~/Library/Logs
enable failed

enabling /var/log
enable failed

enabling /var/adm
enable failed

enabling /etc
enable failed

What im doing wrong. any suggestion .....

0 Karma

jkat54
SplunkTrust
SplunkTrust

what password are you using?

If it's the default "changeme" then you need to change the password before the API is able to be managed remotely. So if its "changeme", log onto that forwarder and change the password to something else.

./splunk edit user admin -password 'v3rySecur3!' -role admin -auth admin:changeme

mukuru74
New Member

I change the default password. Still not working.
Have the same problem as umustafa_1985

0 Karma

jkat54
SplunkTrust
SplunkTrust

Do you have any special shell characters in your password like $? If so you have to escape them with a \

For example. pa$$w'rd would become pa\$\$w\'rd

0 Karma

jkat54
SplunkTrust
SplunkTrust

Hi, you didnt specify https, but http instead. It should be https as per the example:

Please enter the full URI for the
remote server
for example,
'https://remotehost:8089'
Enter URI: 

You gave it this: http://192.168.153.139:8089

0 Karma

umustafa_1985
New Member

yes, also tried that. even though Splunk server is running on http. But in this from CLI i tried https that reply came LOGIN FAILED.....

0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...