Hi,
I have a Splunk server that acts as a Monitoring Console for my indexer. I wanted to change the server name of the server with the Monitoring Console, both in inputs.conf and server.conf. After I did so and restarted the instance it will no longer connect to my indexer over REST, and thus information in the Monitoring Console is missing. The error I'm getting is that the authentication token is wrong.
Is there a way of changing the server name on my Monitoring Console without getting authentication errors?
I figured out a way to fix the authentication failure. Although both the pass4SymmKey and sslPassword remained the same after the server name change, even if I deleted them and restarted the machine to generate new ones, the Monitoring Console couldn't authenticate to the indexer. To solve it I had to go in the UI to settings > distributed search > search peers > indexer. There I had to re-validate the password for the Splunk admin account used for REST. For some reason the password is deleted (?) when the server name of the Monitoring Console instance is changed.
Hi. After changing the hostname on the OS everything worked fine. It wasn't until I manually changed the server name in the config files afterwards that problems came up. On the OS level I can still ping the machines from each other.
The error messages I'm getting are the following.
WARN GetRemoteAuthToken - Unable to get authentication token from peeruri="https://indexer:8089/services/admin/auth-tokens"
WARN DistributedPeer - Peer: https://indexer:8089 Failed to get server info from https://indexer:8089/services/server/info response code=401
After changing serverName in server.conf, did you change pass4SymmKey to plain text password before restarting?
No. I don't remember ever setting the pass4SymmKey. Pretty sure it's auto generated. Is it a viable solution to just remove the pass4SymmKey after changing the serverName in server.conf, and then restart the instance? Wouldn't the instance then generate a new pass4SymmKey?
Hi there,
Can you ping your MC from indexer after changing the hostname? Also, what does your splunkd.log say, can you paste the errors?