Getting Data In

indexer discovery - Why is Heavy forwarder clear text password not being encrypted?

kumaranv
Path Finder

In indexer discovery method, Heavy forwarder clear text password not being encrypted after restart. Please help

Labels (1)
Tags (1)
1 Solution

kumaranv
Path Finder

In HF, it should be 

master_uri = https://192.168.1.180:8089

instead of manager_uri. I followed the https://docs.splunk.com/Documentation/Splunk/9.0.3/Indexer/indexerdiscovery

kumaranv_0-1673277885909.png

It works now. Thanks

View solution in original post

Tags (1)

splunkoptimus
Path Finder

I experienced the same error and I had to change manager_uri to master_uri in outputs.conf of the my HF

0 Karma

scelikok
SplunkTrust
SplunkTrust

Hi @kumaranv,

Could you please show us your Heavy Forwarder outputs.conf setting (pass4SymmKey masked) ? Maybe there is something wrong with the settings.

 

If this reply helps you an upvote and "Accept as Solution" is appreciated.
0 Karma

kumaranv
Path Finder

It is in home practice

in $Splunk/etc/system/local/outputs.conf

[indexer_discovery:idxpeers]
pass4SymmKey = admin1234
manager_uri = https://192.168.1.180:8089

[tcpout:idxdis]
indexerDiscovery = idxpeers

[tcpout]
defaultGroup = idxdis
indexAndForward = 0

0 Karma

kumaranv
Path Finder

in Master Node:
in .../etc/system/local/server.conf

[indexer_discovery]
pass4SymmKey = $7$1k1xTHTMxuk2ekDYjDOt9oIONOK3MHxxxxxxxxxxxxxxxx=

pass4SymmKey was set to admin1234 and after restart i t got encripted

I hope it should happen to HF pass4SymmKey also

Thanks

 

0 Karma

kumaranv
Path Finder

In HF, it should be 

master_uri = https://192.168.1.180:8089

instead of manager_uri. I followed the https://docs.splunk.com/Documentation/Splunk/9.0.3/Indexer/indexerdiscovery

kumaranv_0-1673277885909.png

It works now. Thanks

Tags (1)

kumaranv
Path Finder

I used the command 
./splunk btool check

to identify error in stanzas in conf

 

 

 

0 Karma

gcusello
SplunkTrust
SplunkTrust

Hi @kumaranv,

restart by console viewing eventual error messages, check again and if it's still present open immediately a case P1 to Splunk Support.

Ciao.

Giuseppe

0 Karma
Get Updates on the Splunk Community!

Stay Connected: Your Guide to November Tech Talks, Office Hours, and Webinars!

🍂 Fall into November with a fresh lineup of Community Office Hours, Tech Talks, and Webinars we’ve ...

Transform your security operations with Splunk Enterprise Security

Hi Splunk Community, Splunk Platform has set a great foundation for your security operations. With the ...

Splunk Admins and App Developers | Earn a $35 gift card!

Splunk, in collaboration with ESG (Enterprise Strategy Group) by TechTarget, is excited to announce a ...