Building for the Splunk Platform

How to configure a different user other than admin for rest end point of Universal forwarder


How can I configure a different user and password other than admin to make rest end point calls to my Universal Forwader.
 Current Functionality: 


curl -k -u admin:changeme "https://<host>:<port>/services/receivers/simple?index=abc&source=test&sourcetype=test" -d "splunk rest test"


What I want:


curl -k -u mu_user:mypwd "https://<host>:<port>/services/receivers/simple?index=abc&source=test&sourcetype=test" -d "splunk rest test"



I tried putting this new user in authentication.conf with binddnuser and binddnpassword but it is throwing Unauthorized error.

Labels (1)
0 Karma


The user must be a local account.  You cannot use a SAML or LDAP account.  It must be the account name and password configured when the UF was installed.

If this reply helps you, Karma would be appreciated.
0 Karma
Get Updates on the Splunk Community!

Splunk Forwarders and Forced Time Based Load Balancing

Splunk customers use universal forwarders to collect and send data to Splunk. A universal forwarder can send ...

NEW! Log Views in Splunk Observability Dashboards Gives Context From a Single Page

Today, Splunk Observability releases log views, a new feature for users to add their logs data from Splunk Log ...

Last Chance to Submit Your Paper For BSides Splunk - Deadline is August 12th!

Hello everyone! Don't wait to submit - The deadline is August 12th! We have truly missed the community so ...