Security

Some splunk command lines ask for username; forwarders don't have user?

gowen
Path Finder

I'm trying to debug some issues with the deployment server. This causes me to want to run things like 'splunk display deploy-client' on the forwarder, but when I do so it asks for credentials:

[root@frwrdr ~]# splunk display deploy-client
Splunk username:

I do not know what credentials it will accept. If I do this on the indexer/search head, then my normal Splunk credentials (which are backed by LDAP authentication) work. However, that is not the case on the forwarder host. Nor do my local credentials on the forwarder host work.

What should I be doing here? Setting a password for the local 'splunk' user and using that?

1 Solution

jbsplunk
Splunk Employee
Splunk Employee

The forwarder has the same credentials by default as the indexer does. The default l/p is admin/changeme. You should use that account, but change the password from the default.

View solution in original post

balajiswz
New Member

$SPLUNK_HOME/bin/splunk set deploy-poll :8089 -auth admin:changeme
No users exist. Please set up a user.,

0 Karma

mstewart_splunk
Splunk Employee
Splunk Employee

So what you need to do is specify the password, but not the user. Simply do:

/opt/splunkforwarder/bin/splunk set deployment-poll HOSTNAME:8089 -auth :changeme

/opt/splunkforwarder/bin/splunk display deploy-client -auth :changeme

wdhathaway
Explorer

The default credentials are admin:changeme, so use those until you set it, which you can do with

/opt/splunkforwarder/bin/splunk edit user admin -password YOUR_NEW_PASSWORD -auth admin:changeme

jbsplunk
Splunk Employee
Splunk Employee

The forwarder has the same credentials by default as the indexer does. The default l/p is admin/changeme. You should use that account, but change the password from the default.

jbsplunk
Splunk Employee
Splunk Employee

Glad I could help out. Please feel free to upvote if you found this useful.

0 Karma

shprayag
New Member

I'm getting error while using admin/changeme combination as well. Any guesses?

0 Karma

gowen
Path Finder

Excellent, the admin user works. I suppose it shouldn't be surprising that LDAP users won't chain out to forwarders. Thanks!

0 Karma
Get Updates on the Splunk Community!

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...