I have installed SUF 7.3.4 on a UNIX (Solaris 10) server and when I run splunk list guid or splunk list monitor I am getting "Splunk username".
I have a user "splunkma" configured that I use to stop / start splunkd process.
Please advise. Thanks.
When a Splunk CLI command prompts for a username, it is expecting the name of a Splunk admin account. The Unix account that runs Splunk will not work. It must be the admin account you created when you installed the forwarder.
Ok. Thanks for the follow-up/information.
I have created the user-seed.conf file in $SPLUNK_HOME/etc/system/local as per the installation instructions.
The user-seed.conf file is only used the first time the Splunk UF starts, and is automatically deleted.
(from what I read in the installation instruction)
In my case every time I run for example splunk list monitor or splunk list guid I still see:
Your session is invalid. Please login.
If I type admin as the login and the admin password, I get the GUID info; however, on other servers and in other installations that I did in the past I did not have this issue.
I am trying to see why in this specific case I have this problem.
I tried to remove the file /opt/splunkforwarder/etc/passwd and I restarted the splunkd process, but it is still asking me for the same "credential message".
Any suggestion would be great. Thanks.
I'm not understanding the problem. What's wrong with needing to sign in to the forwarder before a command will work? Credentials usually are cached so you don't have to re-enter them with every command, but the cache is cleared when the UF restarts.
Deleting the etc/passwd file removes all credentials so you no longer will be able to authenticate. Unlike older versions of Splunk, there are no default credentials created when the passwd file is removed.