Security
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Solved! Jump to solution

Some splunk command lines ask for username; forwarders don't have user?

gowen
Path Finder
‎02-28-2012 11:17 AM

I'm trying to debug some issues with the deployment server. This causes me to want to run things like 'splunk display deploy-client' on the forwarder, but when I do so it asks for credentials:

[root@frwrdr ~]# splunk display deploy-client
Splunk username:

I do not know what credentials it will accept. If I do this on the indexer/search head, then my normal Splunk credentials (which are backed by LDAP authentication) work. However, that is not the case on the forwarder host. Nor do my local credentials on the forwarder host work.

What should I be doing here? Setting a password for the local 'splunk' user and using that?

Reply
1 Solution
Solved! Jump to solution
Solution

jbsplunk
Splunk Employee
Splunk Employee
‎02-28-2012 11:24 AM

The forwarder has the same credentials by default as the indexer does. The default l/p is admin/changeme. You should use that account, but change the password from the default.

View solution in original post

Reply
Solved! Jump to solution

balajiswz
New Member
‎07-10-2019 07:58 AM

$SPLUNK_HOME/bin/splunk set deploy-poll :8089 -auth admin:changeme
No users exist. Please set up a user.,

0 Karma
Reply
Solved! Jump to solution

mstewart_splunk
Splunk Employee
Splunk Employee
‎10-30-2018 03:02 PM

So what you need to do is specify the password, but not the user. Simply do:

/opt/splunkforwarder/bin/splunk set deployment-poll HOSTNAME:8089 -auth :changeme

/opt/splunkforwarder/bin/splunk display deploy-client -auth :changeme
Reply
Solved! Jump to solution

wdhathaway
Explorer
‎02-28-2012 11:27 AM

The default credentials are admin:changeme, so use those until you set it, which you can do with

/opt/splunkforwarder/bin/splunk edit user admin -password YOUR_NEW_PASSWORD -auth admin:changeme

Reply
Solved! Jump to solution
Solution

jbsplunk
Splunk Employee
Splunk Employee
‎02-28-2012 11:24 AM

The forwarder has the same credentials by default as the indexer does. The default l/p is admin/changeme. You should use that account, but change the password from the default.

Reply
Solved! Jump to solution

jbsplunk
Splunk Employee
Splunk Employee
‎02-28-2012 11:28 AM

Glad I could help out. Please feel free to upvote if you found this useful.

0 Karma
Reply
Solved! Jump to solution

shprayag
New Member
‎11-17-2016 06:55 AM

I'm getting error while using admin/changeme combination as well. Any guesses?

0 Karma
Reply
Solved! Jump to solution

gowen
Path Finder
‎02-28-2012 11:28 AM

Excellent, the admin user works. I suppose it shouldn't be surprising that LDAP users won't chain out to forwarders. Thanks!

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

This puzzle (first published here) is based on matching timestamps to cron expressions.All the timestamps ...

Design, Compete, Win: Submit Your Best Splunk Dashboards for a .conf26 Pass

Hello Splunkers,  We’re excited to kick off a Splunk Dashboard contest! We know that dashboards are a primary ...

May 2026 Splunk Expert Sessions: Security & Observability

Level Up Your Operations: May 2026 Splunk Expert Sessions Whether you are refining your security posture or ...