Installation

can forwarder using admin account on mac?

johnny21
Path Finder

Good Evening,

I am trying to run the following command from a Mac workstation on the latest "Splunk Free" license.

./splunk add forward-server 10.0.155.112:9997 

Splunk username: admin 

Password: 
Login failed

When I try to add an account to setup the forwarder, splunk tells me the following:

"Users is an Enterprise license-level feature and is currently not available on this instance.
To enable this and other Enterprise features, learn more about licenses at Splunk.com or contact Splunk Sales directly."

Am I doing something wrong or is the free version designed primarily for windows? Or is there a setting which will allow the admin account to authenticate this user for forwarding? Thanks for the help.

0 Karma

liveauctioneers
Engager

If you're doing what I was doing (entering the password that you set for your receiver), try admin/changeme - It seems that forwarder has its own credentials.

gkanapathy
Splunk Employee
Splunk Employee

looks like a bug to me, but if you're using a forwarder, you should enable the forwarder license instead of the free license. in either case, you should be able to enable forwarding by creating a configuration file, which I always prefer to executing the command. Create outputs.conf:

[tcpout]
defaultGroup = indexerGroup

[tcpout:indexerGroup]
server = 10.0.155.112:9997
Get Updates on the Splunk Community!

Splunk Training for All: Meet Aspiring Cybersecurity Analyst, Marc Alicea

Splunk Education believes in the value of training and certification in today’s rapidly-changing data-driven ...

The Splunk Success Framework: Your Guide to Successful Splunk Implementations

Splunk Lantern is a customer success center that provides advice from Splunk experts on valuable data ...

Investigate Security and Threat Detection with VirusTotal and Splunk Integration

As security threats and their complexities surge, security analysts deal with increased challenges and ...