Getting Data In

indexer discovery - Why is Heavy forwarder clear text password not being encrypted?

kumaranv
Path Finder

In indexer discovery method, Heavy forwarder clear text password not being encrypted after restart. Please help

Labels (1)
Tags (1)
0 Karma
1 Solution

kumaranv
Path Finder

In HF, it should be 

master_uri = https://192.168.1.180:8089

instead of manager_uri. I followed the https://docs.splunk.com/Documentation/Splunk/9.0.3/Indexer/indexerdiscovery

kumaranv_0-1673277885909.png

It works now. Thanks

View solution in original post

Tags (1)
0 Karma

scelikok
SplunkTrust
SplunkTrust

Hi @kumaranv,

Could you please show us your Heavy Forwarder outputs.conf setting (pass4SymmKey masked) ? Maybe there is something wrong with the settings.

 

If this reply helps you an upvote is appreciated.
0 Karma

kumaranv
Path Finder

It is in home practice

in $Splunk/etc/system/local/outputs.conf

[indexer_discovery:idxpeers]
pass4SymmKey = admin1234
manager_uri = https://192.168.1.180:8089

[tcpout:idxdis]
indexerDiscovery = idxpeers

[tcpout]
defaultGroup = idxdis
indexAndForward = 0

0 Karma

kumaranv
Path Finder

in Master Node:
in .../etc/system/local/server.conf

[indexer_discovery]
pass4SymmKey = $7$1k1xTHTMxuk2ekDYjDOt9oIONOK3MHxxxxxxxxxxxxxxxx=

pass4SymmKey was set to admin1234 and after restart i t got encripted

I hope it should happen to HF pass4SymmKey also

Thanks

 

0 Karma

kumaranv
Path Finder

In HF, it should be 

master_uri = https://192.168.1.180:8089

instead of manager_uri. I followed the https://docs.splunk.com/Documentation/Splunk/9.0.3/Indexer/indexerdiscovery

kumaranv_0-1673277885909.png

It works now. Thanks

Tags (1)
0 Karma

kumaranv
Path Finder

I used the command 
./splunk btool check

to identify error in stanzas in conf

 

 

 

0 Karma

gcusello
SplunkTrust
SplunkTrust

Hi @kumaranv,

restart by console viewing eventual error messages, check again and if it's still present open immediately a case P1 to Splunk Support.

Ciao.

Giuseppe

0 Karma
Get Updates on the Splunk Community!

.conf23 | Get Your Cybersecurity Defense Analyst Certification in Vegas

We’re excited to announce a new Splunk certification exam being released at .conf23! If you’re going to Las ...

Starting With Observability: OpenTelemetry Best Practices

Tech Talk Starting With Observability: OpenTelemetry Best Practices Tuesday, October 17, 2023   |  11AM PST / ...

Streamline Data Ingestion With Deployment Server Essentials

REGISTER NOW! Every day the list of sources Admins are responsible for gets bigger and bigger, often making ...