Installation

can forwarder using admin account on mac?

johnny21
Path Finder

Good Evening,

I am trying to run the following command from a Mac workstation on the latest "Splunk Free" license.

./splunk add forward-server 10.0.155.112:9997 

Splunk username: admin 

Password: 
Login failed

When I try to add an account to setup the forwarder, splunk tells me the following:

"Users is an Enterprise license-level feature and is currently not available on this instance.
To enable this and other Enterprise features, learn more about licenses at Splunk.com or contact Splunk Sales directly."

Am I doing something wrong or is the free version designed primarily for windows? Or is there a setting which will allow the admin account to authenticate this user for forwarding? Thanks for the help.

0 Karma

liveauctioneers
Engager

If you're doing what I was doing (entering the password that you set for your receiver), try admin/changeme - It seems that forwarder has its own credentials.

gkanapathy
Splunk Employee
Splunk Employee

looks like a bug to me, but if you're using a forwarder, you should enable the forwarder license instead of the free license. in either case, you should be able to enable forwarding by creating a configuration file, which I always prefer to executing the command. Create outputs.conf:

[tcpout]
defaultGroup = indexerGroup

[tcpout:indexerGroup]
server = 10.0.155.112:9997
Get Updates on the Splunk Community!

Detecting Remote Code Executions With the Splunk Threat Research Team

WATCH NOWRemote code execution (RCE) vulnerabilities pose a significant risk to organizations. If exploited, ...

Enter the Splunk Community Dashboard Challenge for Your Chance to Win!

The Splunk Community Dashboard Challenge is underway! This is your chance to showcase your skills in creating ...

.conf24 | Session Scheduler is Live!!

.conf24 is happening June 11 - 14 in Las Vegas, and we are thrilled to announce that the conference catalog ...