My freshly installed splunk server has by default listening enabled on port 9997.
When I try to configure a universal forwarder, using splunk add forward-server ip:9997 , I'm getting a "Login failed" message.
I verified that the username and password are accurate, of an admin user that can log in to the web interface with them ( on port 8000).
I also verified that there are no blocks on port 9997 by successfully opening a telnet session to that port.
What am I doing wrong here? And how can I get more verbose details on what is causing the failure?
... View more