Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

indexer discovery - Why is Heavy forwarder clear text password not being encrypted?

kumaranv
Path Finder
‎01-09-2023 05:16 AM

In indexer discovery method, Heavy forwarder clear text password not being encrypted after restart. Please help

Labels (1)
Labels
Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

kumaranv
Path Finder
‎01-09-2023 07:25 AM

In HF, it should be 

master_uri = https://192.168.1.180:8089

instead of manager_uri. I followed the https://docs.splunk.com/Documentation/Splunk/9.0.3/Indexer/indexerdiscovery

kumaranv_0-1673277885909.png

It works now. Thanks

View solution in original post

Tags (1)
0 Karma
Reply
Solved! Jump to solution

scelikok
SplunkTrust
SplunkTrust
‎01-09-2023 05:57 AM

Hi @kumaranv,

Could you please show us your Heavy Forwarder outputs.conf setting (pass4SymmKey masked) ? Maybe there is something wrong with the settings.

 

If this reply helps you an upvote and "Accept as Solution" is appreciated.
0 Karma
Reply
Solved! Jump to solution

kumaranv
Path Finder
‎01-09-2023 06:56 AM

It is in home practice

in $Splunk/etc/system/local/outputs.conf

[indexer_discovery:idxpeers]
pass4SymmKey = admin1234
manager_uri = https://192.168.1.180:8089

[tcpout:idxdis]
indexerDiscovery = idxpeers

[tcpout]
defaultGroup = idxdis
indexAndForward = 0

0 Karma
Reply
Solved! Jump to solution

kumaranv
Path Finder
‎01-09-2023 07:01 AM

in Master Node:
in .../etc/system/local/server.conf

[indexer_discovery]
pass4SymmKey = $7$1k1xTHTMxuk2ekDYjDOt9oIONOK3MHxxxxxxxxxxxxxxxx=

pass4SymmKey was set to admin1234 and after restart i t got encripted

I hope it should happen to HF pass4SymmKey also

Thanks

 

0 Karma
Reply
Solved! Jump to solution
Solution

kumaranv
Path Finder
‎01-09-2023 07:25 AM

In HF, it should be 

master_uri = https://192.168.1.180:8089

instead of manager_uri. I followed the https://docs.splunk.com/Documentation/Splunk/9.0.3/Indexer/indexerdiscovery

kumaranv_0-1673277885909.png

It works now. Thanks

Tags (1)
0 Karma
Reply
Solved! Jump to solution

kumaranv
Path Finder
‎01-09-2023 07:45 AM

I used the command 
./splunk btool check

to identify error in stanzas in conf

 

 

 

0 Karma
Reply
Solved! Jump to solution

gcusello
SplunkTrust
SplunkTrust
‎01-09-2023 05:23 AM

Hi @kumaranv,

restart by console viewing eventual error messages, check again and if it's still present open immediately a case P1 to Splunk Support.

Ciao.

Giuseppe

0 Karma
Reply
Get Updates on the Splunk Community!

Announcing Scheduled Export GA for Dashboard Studio

We're excited to announce the general availability of Scheduled Export for Dashboard Studio. Starting in ...

Extending Observability Content to Splunk Cloud

Watch Now!   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...