Deployment Architecture
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Forwarder auth

bauron
Explorer
‎05-30-2012 12:32 PM

I see in the documentation that, when activating a forwarder on the CLI, you pass "-server server:port -auth user:pass". How would I do this in a configuration file? I'm guessing server.conf in $SPLUNK_HOME/etc/apps/SplunkForwarder/local/server.conf but I'm not sure.

Thanks!

Tags (3)
0 Karma
Reply

yannK
Splunk Employee
Splunk Employee
‎05-30-2012 01:15 PM

Using the configuration file it will be in $SPLUNK_HOME/etc/system/local/outputs.conf or
$SPLUNK_HOME/etc/apps/<myapp>/local/outputs.conf, like:

[tcpout]
defaultGroup=my_indexers 

[tcpout:my_indexers]
server=mysplunk_indexer1:9997, mysplunk_indexer2:9996

See the documentation at:

http://docs.splunk.com/Documentation/Splunk/4.3.2/Deploy/Configureforwarderswithoutputs.confd
Reply

yannK
Splunk Employee
Splunk Employee
‎06-04-2012 01:46 PM

Ok, so puppet is different.
I would recommend to build a recipe to:
1- push or edit your configuration (outputs.conf)
2- restart the splunk forwarders to apply.

Another solution is to manage the configuration using the API, but it require auth too, like the CLI

0 Karma
Reply

bauron
Explorer
‎06-04-2012 01:24 PM

Hmm, I misunderstood earlier. I want to make sure that the forwarder is not only enabled but also started:
splunk add forward-server : -auth :

Is there a place to do this in the config files? I'm trying to control Splunk with Puppet and having the user:pass in a manifest is not ideal.

0 Karma
Reply

yannK
Splunk Employee
Splunk Employee
‎05-31-2012 12:07 PM

the -auth option on the CLI command line is used to avoid typing the admin/user password every time. (useful if you script the CLI configuration)
./splunk add monitor "/var/log/" -auth admin:changeme
When editing the config file you don't need it.

Reply

bauron
Explorer
‎05-31-2012 11:53 AM

Thanks for the reply! What about the -auth part, though?

0 Karma
Reply
Get Updates on the Splunk Community!

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

The Transformative Power of AI and ML in Enhancing Observability   In the realm of IT operations, the ...

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...