
Splunk 6.1.1 does not ask for password (login screen does not show up)

hombrezuelo
New Member

Hi everyone

I'm running Splunk 6.1.1 Build 207789 on Linux i386; it is the free version. I'm facing this situation: I had trouble with the password and had to reset it to recover it. So far that is OK, but now I get access to the Splunk web console without Splunk asking for a login and password; it takes the user automatically to the Splunk apps.

This situation is stopping me from configuring the Splunk universal forwarder for Linux hosts. I'm following this how-to:

http://answers.splunk.com/answers/50082/how-do-i-configure-a-splunk-forwarder-on-linux

So in step 5 I have this:

Step 5: Configure Forwarder connection to Index Server:
/opt/splunkforwarder/bin/splunk add forward-server hostname.domain:9997

So when I type this command in the Linux console, the server asks me for a login and password:

opt/splunkforwarder/bin/splunk add forward-server splunkserver:9997
Splunk username: admin
Password:
Login failed

I'd like to recover the login screen.

Please, someone throw me a bone here.

0 Karma

paulreiber
New Member

The Splunk/UniversalForwarder docker image is still hampered by this problem (in my testing anyway) so I'm happy to share details on how I managed to proceed.

You referenced this in your question: https://answers.splunk.com/answers/50082/how-do-i-configure-a-splunk-forwarder-on-linux.html

Well, the help I needed was right in there. Possibly the accepted answer has been beefed up a bit since you first read that page? Right in the first paragraph of the accepted answer you'll find the following about the matter, which was enough to get me past the problem:

Note: the CLI may ask you to authenticate – it’s asking for the LOCAL credentials, so if you haven’t changed the admin password on the forwarder, you should use admin/changeme

Here are the bash commands I used:

## replace ip.ad.re.ss:port in 2 places below with the ip address for your splunk 
## enterprise server and port number for the receiver you configured under
## Settings / Forwarding and Receiving / Receive data / Add New 

# docker pull splunk/universalforwarder:6.5.0-monitor

# docker run --name splunkuniversalforwarder \
    --env SPLUNK_START_ARGS='--accept-license --answer-yes' \
    --env SPLUNK_FORWARD_SERVER=ip.ad.re.ss:port \
    --env SPLUNK_USER=root \
    --volume /var/lib/docker/containers:/host/containers:ro \
    --volume /var/log:/docker/log:ro \
    --volume /var/run/docker.sock:/var/run/docker.sock:ro \
    --volume volume_splunkuf_etc:/opt/splunk/etc \
    --volume volume_splunkuf_var:/opt/splunk/var \
    -d splunk/universalforwarder:6.5.0-monitor

## ...it starts, runs, does nothing useful - we need to tell it we are serious 

# docker exec -it splunkuniversalforwarder entrypoint.sh splunk login

# docker exec splunkuniversalforwarder entrypoint.sh splunk add forward-server ip.ad.re.ss:port

Subsequent to running the above, the "Docker Overview" app within Splunk Enterprise started to show me some details about docker. Not every panel is getting data (most notably, still no logs), but some docker-related information is now flowing.

0 Karma

ChrisG
Splunk Employee

The free version does not have authentication. See About Splunk Free in the Admin Manual. Did you try leaving the user name and password blank for the forwarder?

hombrezuelo
New Member

Hi, me again. I set up the Splunk universal forwarder on a Linux host, but I can't remember if Splunk asked me for a user and password during installation. Because I shut down the Splunk server and typed this command on the console:

opt/splunkforwarder/bin/splunk add forward-server splunkserver:9997

And it asks me for a user and password; I guess Splunk is asking for the Splunk local account.

0 Karma

hombrezuelo
New Member

Thanks everyone

I got it.
rkirkw, thanks for the advice.

ChrisG, I did; I left both fields blank and I'm still getting login failed.

I wonder if I can solve it by recovering the Splunk admin password.

Thanks in advance.

0 Karma

rkirkw
Path Finder

The free version does not ask for a password - it is wide open to whoever has the URL.
I also believe that you cannot forward to the free version. At least that used to be the case...

0 Karma
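The answers above state that the free version has no authentication. As an added example (not part of the original thread and not Splunk's own tooling), this shell script reports the license group an instance is configured for and flags the Free group. It assumes the group is stored as `active_group` in the `[license]` stanza of `server.conf` and consults only `etc/system/local` and `etc/system/default`; the function names and the sample directory it builds are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: flag a Splunk instance whose license group disables login.
# Assumption: the group is the active_group key in the [license] stanza.

# Print active_group from the [license] stanza of one server.conf file.
license_group() {
    awk '
        /^[ \t]*\[/ { in_lic = ($0 ~ /^[ \t]*\[license\]/); next }
        in_lic && /^[ \t]*active_group[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t\r]+$/, ""); val = $0
        }
        END { if (val != "") print val }
    ' "$1"
}

# Effective value: etc/system/local wins over etc/system/default
# (simplification: app-level server.conf files are not consulted).
effective_group() {
    for f in "$1/etc/system/local/server.conf" \
             "$1/etc/system/default/server.conf"; do
        [ -r "$f" ] || continue
        g=$(license_group "$f")
        if [ -n "$g" ]; then printf '%s\n' "$g"; return 0; fi
    done
    return 1
}

# Returns 0 = group other than Free, 1 = Free (no login), 2 = undetermined.
audit_splunk_auth() {
    grp=$(effective_group "$1") || { echo "UNKNOWN: no active_group under $1"; return 2; }
    case "$grp" in
        [Ff]ree) echo "WARN: license group Free, Splunk Web has no login"; return 1 ;;
        *)       echo "OK: license group $grp"; return 0 ;;
    esac
}

# Build a constructed SPLUNK_HOME for the demo (sample data, not from the thread).
make_sample_home() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/etc/system/local" "$d/etc/system/default"
    printf '[general]\nserverName = demo\n\n[license]\nactive_group = Trial\n' \
        > "$d/etc/system/default/server.conf"
    printf '[license]\nactive_group = %s\n' "$1" > "$d/etc/system/local/server.conf"
    printf '%s\n' "$d"
}

demo_home=$(make_sample_home Free)
audit_splunk_auth "$demo_home" || true
rm -rf "$demo_home"
```

On a real host, pass the installation directory (for example the value of `$SPLUNK_HOME`) to `audit_splunk_auth` and treat a non-zero exit status as a finding to review.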