I have some problems with running the following command.
$ splunk add forward-server host:port
It asks for username and password, i assume that the credentials should be the ones used when logging in to the Splunk WebUI. But authentication fails. I have also tried with the credentials for the local Splunk account. But still no luck.
When reading the Universal Deployment Manual I can not see any information about authentication. I have not added any SSL Cert, i guess this issue can be related to SSL communication between Forwarder and Reciever. But i just want to use the default certs.
I have tried running the command both as root and splunk user. But no luck at all.
Yes, there is a way to change the password without using the -password parameter.
See this article from Splunk: