Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

How do I set up a login to Splunk forwarder?

wsanderstii
Path Finder
‎04-28-2017 11:36 AM

Apparently the Splunk forwarder (splunkforwarder) has a web interface listening on port 8089. When I try to login with "admin/changeme" I get "Remote login has been disabled for 'admin' with the default password. Either set the password, or override by changing the 'allowRemoteLogin' setting in your server.conf file."

I can't find documentation on how to set a user and password up on this interface. Can this be done? Does the interface return any useful info?

Thanks w

Reply

mikki
Explorer
‎06-13-2024 01:28 PM

Upgraded to splunk universal forward 9.1.0 from 9.0.2. 

./splunk list monitor gives me the following error with default password : "Remote login has been disabled for 'admin' with the default password. Either set the password, or override by changing the 'allowRemoteLogin' setting in your server.conf file." for the first time.

tried above command to reset default password: still gives me : "Remote login has been disabled for 'admin' with the default password. Either set the password, or override by changing the 'allowRemoteLogin' setting in your server.conf file."

Looking for any answers.

Reply

dineshraj9
Builder
‎04-29-2017 12:44 AM

You can open the management port(default 8089) on the forwarder, but to access this port you need to change the default admin password on the forwarder from "changeme" to something different. Once you have done that, you can access the apps and configurations on the forwarder using REST endpoint and get information on inputs and outputs.

Change password - ./splunk edit user admin -password foo -role admin -auth admin:changeme

Restart forwarder

Access rest endpoint - https://forwarder1.mycompany.com:8089/services/data/inputs/ and enter admin credentials or

OR use CURL command - curl -k -u admin:<password> https://forwarder1.mycompany.com:8089/services/data/inputs/

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas     Cisco Live 2026 is almost here, and this ...

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Hello Splunkers,   So you searched, “what is the name of the usb key inserted by bob smith?”  Not gonna lie… ...

Automating Threat Operations and Threat Hunting with Recorded Future

    Automating Threat Operations and Threat Hunting with Recorded Future June 29, 2026 | Register   Is your ...