Re: can forwarder using admin account on mac?

johnny21 · ‎04-28-2011

Good Evening,

I am trying to run the following command from a Mac workstation on the latest "Splunk Free" license.

./splunk add forward-server 10.0.155.112:9997 

Splunk username: admin 

Password: 
Login failed

When I try to add an account to setup the forwarder, splunk tells me the following:

"Users is an Enterprise license-level feature and is currently not available on this instance.
To enable this and other Enterprise features, learn more about licenses at Splunk.com or contact Splunk Sales directly."

Am I doing something wrong or is the free version designed primarily for windows? Or is there a setting which will allow the admin account to authenticate this user for forwarding? Thanks for the help.

liveauctioneers · ‎06-16-2011

If you're doing what I was doing (entering the password that you set for your receiver), try admin/changeme - It seems that forwarder has its own credentials.

gkanapathy · ‎04-28-2011

looks like a bug to me, but if you're using a forwarder, you should enable the forwarder license instead of the free license. in either case, you should be able to enable forwarding by creating a configuration file, which I always prefer to executing the command. Create outputs.conf:

[tcpout]
defaultGroup = indexerGroup

[tcpout:indexerGroup]
server = 10.0.155.112:9997

can forwarder using admin account on mac?

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?