Hi,
Were you able to fix this?
I've got the exact same issue :
failed CSRF validation -- expected "123456", but instead cookie had "123456" and header had ""
I've got Splunk 7.2.7 behind a Reverse proxy.
... View more
I had a similar error on startup. I looked in the splunk logs - %ProgramFiles%\SplunkUniversalForwarder\var\log\splunk\splunkd.log and it turned out to be a completely different issue. It had to do with corrupt permissions on the forwarder input.config files. Just as a pointer to maybe start from the log files and go from there.
Hope this helps someone.
... View more