I've just upgraded to Splunk 4.2 and have installed and started the UF on a Linux box. But when I try to run,
./splunk add forward-server <myip>:9997
I get prompted for a Splunk username and password. I've tried my Splunk indexer username (trial version at the moment) and local user credentials, but am obviously missing the point. Do I need to create a Splunk user (./splunk add user ...) on this machine first? If so, does this need to match a local user that the daemon will use?
I have installed the Win32 UF to send to my indexer and that's working fine.
Seems like this should be obvious (and I'm feeling dumb) but I can't find anything in the Docs. Thanks.
... View more