Installation

can forwarder using admin account on mac?

johnny21
Path Finder

Good Evening,

I am trying to run the following command from a Mac workstation on the latest "Splunk Free" license.

./splunk add forward-server 10.0.155.112:9997 

Splunk username: admin 

Password: 
Login failed

When I try to add an account to setup the forwarder, splunk tells me the following:

"Users is an Enterprise license-level feature and is currently not available on this instance.
To enable this and other Enterprise features, learn more about licenses at Splunk.com or contact Splunk Sales directly."

Am I doing something wrong or is the free version designed primarily for windows? Or is there a setting which will allow the admin account to authenticate this user for forwarding? Thanks for the help.

0 Karma

liveauctioneers
Engager

If you're doing what I was doing (entering the password that you set for your receiver), try admin/changeme - It seems that forwarder has its own credentials.

gkanapathy
Splunk Employee
Splunk Employee

looks like a bug to me, but if you're using a forwarder, you should enable the forwarder license instead of the free license. in either case, you should be able to enable forwarding by creating a configuration file, which I always prefer to executing the command. Create outputs.conf:

[tcpout]
defaultGroup = indexerGroup

[tcpout:indexerGroup]
server = 10.0.155.112:9997
Take the 2021 Splunk Career Survey

Help us learn about how Splunk has
impacted your career by taking the 2021 Splunk Career Survey.

Earn $50 in Amazon cash!