Solved: Have difficulty to add forward server

xinlunsm · ‎12-21-2012

Hi,

I installed Splunk 5.0 with *nix on a windows server 2008 r2, and installed Splunk Forwarder on a Linux server and started it. I have enabled port 9000 in Splunk manager for forwarder, and also check the post was not be blocked by fire wall. Then I try to add a forward-server from Linux box which has forwarder installed. But it always gave me an error message - "Login failed, unanthorized" but i am sure the user name "admin" and the password are working, since I can use the same user/pass to login Splunk. Did I missed something? BTW, the command I used to add forward-ser is :
"[root@xxx ~]# /opt/splunkforwarder/bin/splunk add forward-server xxx.xxx.xxx.xxx:9000"

Any idea? Thanks

Lu

Ayn · ‎12-21-2012

The password is not for the Splunk indexer, it's for the local forwarder. If you didn't change the password there, it's "changeme".

View solution in original post

Ayn · ‎12-21-2012

The password is not for the Splunk indexer, it's for the local forwarder. If you didn't change the password there, it's "changeme".

xinlunsm · ‎12-21-2012

Thanks a lot, i thought the user name and password is used to subscribe the forward service to Splunk manager, what a ???? I am, ^-^

Have difficulty to add forward server

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Automating Threat Operations and Threat Hunting with Recorded Future

Keep the Learning Going with the New Best of .conf Hub

Splunk Community Badges!

Join the Conversation