Do you have access to the CLI of this Splunk instance? If so, you can reset the password:
1. Stop the Splunk service.
2. Move the $SPLUNKHOME/etc/passwd file to $SPLUNKHOME/etc/passwd.bak.
3. Start Splunk.
After the restart you should be able to log in using the default login (admin/changeme).
Source: https://community.splunk.com/t5/Security/Splunk-Admin-Password/td-p/326020
If this is a training-provided instance, contact your instructor.
I encountered this problem as well.
The alerts were triggered by restarting an indexer cluster peer, which caused this peer to roll all its indexes. I believe this is just a one-time thing, and the internal logs show that the hotBucketRoller is working perfectly normally.
My problem is that the alerts have stayed there for almost a day now.
@jacobevans Have you found how long the health status alert will stay?
Windows raw logs are binary files. It seems that your Splunk forwarder is not reading the logs properly. If you have already installed the forwarder on your Windows server, you can consider using the universal forwarder to forward the logs to your indexer: https://docs.splunk.com/Documentation/Splunk/8.0.2/Data/MonitorWindowseventlogdata#Use_a_universal_forwarder
It is also more convenient to use the add-on to set up log collection: https://splunkbase.splunk.com/app/742/