Getting Data In

indexer discovery - Why is Heavy forwarder clear text password not being encrypted?

kumaranv
Path Finder

In indexer discovery method, Heavy forwarder clear text password not being encrypted after restart. Please help

Labels (1)
Tags (1)
1 Solution

kumaranv
Path Finder

In HF, it should be 

master_uri = https://192.168.1.180:8089

instead of manager_uri. I followed the https://docs.splunk.com/Documentation/Splunk/9.0.3/Indexer/indexerdiscovery

kumaranv_0-1673277885909.png

It works now. Thanks

View solution in original post

Tags (1)

splunkoptimus
Path Finder

I experienced the same error and I had to change manager_uri to master_uri in outputs.conf of the my HF

0 Karma

scelikok
SplunkTrust
SplunkTrust

Hi @kumaranv,

Could you please show us your Heavy Forwarder outputs.conf setting (pass4SymmKey masked) ? Maybe there is something wrong with the settings.

 

If this reply helps you an upvote and "Accept as Solution" is appreciated.
0 Karma

kumaranv
Path Finder

It is in home practice

in $Splunk/etc/system/local/outputs.conf

[indexer_discovery:idxpeers]
pass4SymmKey = admin1234
manager_uri = https://192.168.1.180:8089

[tcpout:idxdis]
indexerDiscovery = idxpeers

[tcpout]
defaultGroup = idxdis
indexAndForward = 0

0 Karma

kumaranv
Path Finder

in Master Node:
in .../etc/system/local/server.conf

[indexer_discovery]
pass4SymmKey = $7$1k1xTHTMxuk2ekDYjDOt9oIONOK3MHxxxxxxxxxxxxxxxx=

pass4SymmKey was set to admin1234 and after restart i t got encripted

I hope it should happen to HF pass4SymmKey also

Thanks

 

0 Karma

kumaranv
Path Finder

In HF, it should be 

master_uri = https://192.168.1.180:8089

instead of manager_uri. I followed the https://docs.splunk.com/Documentation/Splunk/9.0.3/Indexer/indexerdiscovery

kumaranv_0-1673277885909.png

It works now. Thanks

Tags (1)

kumaranv
Path Finder

I used the command 
./splunk btool check

to identify error in stanzas in conf

 

 

 

0 Karma

gcusello
SplunkTrust
SplunkTrust

Hi @kumaranv,

restart by console viewing eventual error messages, check again and if it's still present open immediately a case P1 to Splunk Support.

Ciao.

Giuseppe

0 Karma
Get Updates on the Splunk Community!

.conf24 | Day 0

Hello Splunk Community! My name is Chris, and I'm based in Canberra, Australia's capital, and I travelled for ...

Enhance Security Visibility with Splunk Enterprise Security 7.1 through Threat ...

 (view in My Videos)Struggling with alert fatigue, lack of context, and prioritization around security ...

Troubleshooting the OpenTelemetry Collector

  In this tech talk, you’ll learn how to troubleshoot the OpenTelemetry collector - from checking the ...