Getting Data In

After installing and configuring a universal forwarder on a remote Linux machine, why am I unable to login and connect to the remote instance?

Explorer

On the remote end I see this after installing/configuring Universal Forwarder:

./splunk list forward-server
Splunk username: admin
Password: 
Active forwards:
    10.40.10.69:9997
Configured but inactive forwards:
    None

If I run setup.sh on the Splunk Server I see an option 5 per below:

    Please choose from one of the following options:

1 - show *nix input status
2 - manage *nix inputs
3 - install/upgrade app
4 - change credentials
5 - connect to remote instance

0 - logout and exit program

I select option 5 and try http://nvp02:8089 and I try 10.30.11.25:8089 and neither will let me login
If I try https://nvp02:8089 and I try https://10.30.11.25:8089 I still cannot login
NO LOGINS WORK
If I run setup.sh on the remote server when it asks for the initial login before the menu, I can login with the default spunk uname/pwd
Yes, I can ssh and sftp from the server to the remote linux host.

Why does this not work for me?

Help please

Thank You

0 Karma
1 Solution

Explorer

My own answer, I fixed it
Needed to modify server.conf on the Universal forwarder to include
[general]
allowRemoteLogin =requireSetPassword
and need to change the password from the default
./splunk edit user admin -password "new admin password" -role admin -auth admin:change me

Definitely a documentation issue for sure. Lack thereof.

View solution in original post

Explorer

My own answer, I fixed it
Needed to modify server.conf on the Universal forwarder to include
[general]
allowRemoteLogin =requireSetPassword
and need to change the password from the default
./splunk edit user admin -password "new admin password" -role admin -auth admin:change me

Definitely a documentation issue for sure. Lack thereof.

View solution in original post

Community Manager
Community Manager
0 Karma