Join the Conversation
- Find Answers
- :
- Splunk Administration
- :
- Getting Data In
- :
- After installing and configuring a universal forwa...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
On the remote end I see this after installing/configuring Universal Forwarder:
./splunk list forward-server
Splunk username: admin
Password:
Active forwards:
10.40.10.69:9997
Configured but inactive forwards:
None
If I run setup.sh on the Splunk Server I see an option 5 per below:
Please choose from one of the following options:
1 - show *nix input status
2 - manage *nix inputs
3 - install/upgrade app
4 - change credentials
5 - connect to remote instance
0 - logout and exit program
I select option 5 and try http://nvp02:8089 and I try 10.30.11.25:8089 and neither will let me login
If I try https://nvp02:8089 and I try https://10.30.11.25:8089 I still cannot login
NO LOGINS WORK
If I run setup.sh on the remote server when it asks for the initial login before the menu, I can login with the default spunk uname/pwd
Yes, I can ssh and sftp from the server to the remote linux host.
Why does this not work for me?
Help please
Thank You
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
My own answer, I fixed it
Needed to modify server.conf on the Universal forwarder to include
[general]
allowRemoteLogin =requireSetPassword
and need to change the password from the default
./splunk edit user admin -password "new admin password" -role admin -auth admin:change me
Definitely a documentation issue for sure. Lack thereof.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
My own answer, I fixed it
Needed to modify server.conf on the Universal forwarder to include
[general]
allowRemoteLogin =requireSetPassword
and need to change the password from the default
./splunk edit user admin -password "new admin password" -role admin -auth admin:change me
Definitely a documentation issue for sure. Lack thereof.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Just for reference, this is documented on this page:
http://docs.splunk.com/Documentation/Splunk/6.2.2/Admin/AccessandusetheCLIonaremoteserver
Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!
Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.
Observability Simplified: Combining User Experience, Application Performance & ...
Event Series May & June: From Network Visibility to Service Intelligence
Global Splunk User Group Events: May + June 2026
