Getting Data In

Why am I getting "Login failed" trying to add a Splunk universal forwarder?


I am using Splunk Enterprise (Amazon Market Place AMI)
I have added Forwarding receiving port 9997
Installed universal forwarder and adding the forwarder to server failed: is my serverIP

PRODUCTION [root@jenkins bin]$ ./splunk add forward-server -auth admin:abcdef@123
Login failed

But using console with the same password and same username, I am able to login.

Please Help.

0 Karma


If you installed the forwarder fresh, without any custom method which sets the authentication, the default credential would be admin:changeme on the Universal forwarder. The above command is run on the universal forwarder and the credentials passed is for the Universal forwarder instance.

Try like this

./splunk add forward-server -auth admin:changeme

Or setup admin credentials on universal forwarder to use the same credentials (admin: PasswordFromIndexer) either using CLI OR using user-seed.conf