Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Enable forward-server in Linux Universal Forwarder

frejen
New Member
‎06-17-2011 02:37 AM

Hi,

I have some problems with running the following command.

$ splunk add forward-server host:port

It asks for username and password, i assume that the credentials should be the ones used when logging in to the Splunk WebUI. But authentication fails. I have also tried with the credentials for the local Splunk account. But still no luck.

When reading the Universal Deployment Manual I can not see any information about authentication. I have not added any SSL Cert, i guess this issue can be related to SSL communication between Forwarder and Reciever. But i just want to use the default certs.

I have tried running the command both as root and splunk user. But no luck at all.

Any ideas?

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

sergemueller
Explorer
‎06-17-2011 02:49 AM

there is a small hint in the universalforwader docu.(i think its a comment)

it is the default login:
admin/changeme

View solution in original post

Reply
Solved! Jump to solution

unwiresplunk
New Member
‎07-31-2013 05:52 AM

Thank you lukejadamec, that was outside my thinking box at the time of writing - the file is like a htpasswd file... I should have noticed that 🙂 Thanks

0 Karma
Reply
Solved! Jump to solution

lukejadamec
Super Champion
‎07-30-2013 08:55 AM

Yes, there is a way to change the password without using the -password parameter.

See this article from Splunk:
docs.splunk.com/Documentation/Splunk/5.0.3/Security/Deploysecurepasswordsacrossmultipleservers

0 Karma
Reply
Solved! Jump to solution

unwiresplunk
New Member
‎07-30-2013 06:47 AM

Is there a way to change the password without using the "-password " parameter on the CLI to avoid using a script to keep .bash_history clean ?

0 Karma
Reply
Solved! Jump to solution
Solution

sergemueller
Explorer
‎06-17-2011 02:49 AM

there is a small hint in the universalforwader docu.(i think its a comment)

it is the default login:
admin/changeme

Reply
Solved! Jump to solution

sergemueller
Explorer
‎06-17-2011 03:02 AM

http://splunk-base.splunk.com/answers/12638/prompt-for-splunk-user-when-configuring-universal-forwar...

search is your friend:)

./splunk edit user admin -password coolNewP455w3rdddd

0 Karma
Reply
Solved! Jump to solution

frejen
New Member
‎06-17-2011 02:50 AM

Hi,

Thank you that did the trick! But the password for "admin" i use to login to WebUI has been changed is not "changeme". How can i change that password?

Frej

0 Karma
Reply
Get Updates on the Splunk Community!

More Ways To Control Your Costs With Archived Metrics | Register for Tech Talk

Tuesday, May 14, 2024  |  11AM PT / 2PM ET Register to Attend Join us for this Tech Talk and learn how to ...

.conf24 | Personalize your .conf experience with Learning Paths!

Personalize your .conf24 Experience Learning paths allow you to level up your skill sets and dive deeper ...

Threat Hunting Unlocked: How to Uplevel Your Threat Hunting With the PEAK Framework ...

WATCH NOWAs AI starts tackling low level alerts, it's more critical than ever to uplevel your threat hunting ...