After installing and configuring a universal forwarder on a remote Linux machine, why am I unable to log in and connect to the remote instance?

dougcabell
Explorer

On the remote end I see this after installing/configuring Universal Forwarder:

./splunk list forward-server
Splunk username: admin
Password: 
Active forwards:
    10.40.10.69:9997
Configured but inactive forwards:
    None

If I run setup.sh on the Splunk Server I see an option 5 per below:

Please choose from one of the following options:

1 - show *nix input status
2 - manage *nix inputs
3 - install/upgrade app
4 - change credentials
5 - connect to remote instance

0 - logout and exit program

I select option 5 and try http://nvp02:8089 and I try 10.30.11.25:8089 and neither will let me log in.
If I try https://nvp02:8089 and I try https://10.30.11.25:8089 I still cannot log in.
NO LOGINS WORK
If I run setup.sh on the remote server when it asks for the initial login before the menu, I can log in with the default Splunk uname/pwd.
Yes, I can ssh and sftp from the server to the remote Linux host.

Why does this not work for me?

Help please

Thank You


dougcabell
Explorer

My own answer, I fixed it.
Needed to modify server.conf on the Universal Forwarder to include
[general]
allowRemoteLogin = requireSetPassword
and need to change the password from the default
./splunk edit user admin -password "new admin password" -role admin -auth admin:changeme

Definitely a documentation issue for sure. Lack thereof.
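
The setting from the answer above, as an added example that is not part of the original post: a small shell check that reads the [general] stanza of a forwarder's server.conf and reports whether a remote login to the management port would be accepted. allowRemoteLogin takes always, never or requireSetPassword, and requireSetPassword refuses remote logins while the admin password is still the default. The function names, the sample file and the fallback to requireSetPassword when the key is absent are assumptions of this example.

```shell
#!/bin/sh
# Added example; function names and the sample file are constructed.

# Print the effective allowRemoteLogin value from the [general] stanza.
# Assumption: when the key is absent, the default is requireSetPassword.
remote_login_policy() {
    awk '
        /^[ \t]*#/ { next }                      # skip comment lines
        /^[ \t]*\[/ {                            # stanza header
            s = $0; gsub(/[ \t\r]/, "", s)
            in_general = (s == "[general]"); next
        }
        in_general && /^[ \t]*allowRemoteLogin[ \t]*=/ {
            v = $0
            sub(/^[^=]*=[ \t]*/, "", v)          # drop key and "="
            sub(/[ \t\r]+$/, "", v)              # drop trailing space / CR
            val = v                              # last assignment wins
        }
        END { print (val == "" ? "requireSetPassword" : val) }
    ' "$1"
}

# $1 = server.conf path, $2 = "yes" if admin still has the default password.
# Prints "allowed" or "blocked" for a remote login to the management port.
remote_login_verdict() {
    case "$(remote_login_policy "$1")" in
        always) echo allowed ;;
        never)  echo blocked ;;
        requireSetPassword)
            if [ "$2" = yes ]; then echo blocked; else echo allowed; fi ;;
        *) echo unknown ;;
    esac
}

# Constructed sample: the stanza from the answer, plus the same key under a
# hypothetical [other] stanza, which must be ignored.
sample_conf() {
    printf '[general]\nserverName = uf-example\nallowRemoteLogin =requireSetPassword\n\n[other]\nallowRemoteLogin = always\n' > "$1"
}

conf="${TMPDIR:-/tmp}/server.conf.example.$$"
sample_conf "$conf"
echo "policy:           $(remote_login_policy "$conf")"
echo "default password: $(remote_login_verdict "$conf" yes)"
echo "password changed: $(remote_login_verdict "$conf" no)"
rm -f "$conf"
```

With requireSetPassword the verdict flips only once the admin password is changed, which is why a forwarder left on `always` deserves a second look.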
