Getting Data In

Remote Authentication - Forwarder not sending from internet to PC with DDNS

j666gak
Communicator

Hello,

I am setting up a test lab with Splunk. As I have a VPS (Virtual Private Server) for web hosting I thought it would be a good idea to have some data from a source external to my LAN.

I installed the Universal Forwarder on my VPS, when doing so and setting the Indexer it would not let me enter the correct username and password so I had to set admin:changeme. On my LAN port forwarding is configured and DUC client from NO-IP is installed on the Splunk box, but nothing is being indexed.

Running a netstat on my Splunk box can see active connections from VPS to the Splunk box on port 9997, which is correct as I configured on the forwarder.

The only thing that I can think of is that auth is failing? but how can I fix this if it won't let me set the correct credentials on the forwarder? it fails straight away and looks like it doesn't even query the remote indexer.

Would appreciate any help

Thanks
Guy

0 Karma
1 Solution

j666gak
Communicator

Logged in to the Universal Forwarder, then changed the password. Following this and installing the Unix app on the forwarder it worked great!

All good

View solution in original post

0 Karma

j666gak
Communicator

Logged in to the Universal Forwarder, then changed the password. Following this and installing the Unix app on the forwarder it worked great!

All good

0 Karma
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

New Release of Federated Search: Bringing Splunk Analytics to More of Your Data

Organizations today are generating more data than ever and storing it across cloud object stores, data lakes, ...

Inside Event Intelligence: How ITSI Turns Network Alerts into Actionable Incidents

Tech Talk Inside Event Intelligence: How ITSI Turns Network Alerts into Actionable Incidents   Correlating ...

Observability Simplified: Combining User Experience, Application Performance & ...

  Tech Talk Network to App: Observability Unlocked   Today’s digital environments span applications, ...