I would not leave it default...it may not be used often but it can be exploited for bad things. For example, somebody connecting to it with the default username/password, pointing it to a rogue deployment server, pushing down scripts to run in context of the splunk user and possibly owning the box. On the UF's, we set a random password for the admin account and disable the management port. Have a look at this .conf session from a couple years back: https://conf.splunk.com/files/2016/recordings/universal-forwarder-security-dont-input-more-than-data-into-your-splunk-environment.mp4 ... View more

We started seeing this after we recently upgraded to 6.4.2, but not before. Is there any correlation between the two? ... View more

There is a README.txt file in the app that contains instructions. Now that you have the app installed, you will need to create an input to start the FTP server: Navigate to "Settings » Data Inputs" at the menu at the top of Splunk's user interface. Click "FTP" Click "New" to make a new instance of an input Make sure that the path that you are serving the files from exists. See https://raw.githubusercontent.com/LukeMurphey/splunk-ftp-receiver/master/src/README.txt for the full details. ... View more