Getting Data In

After installing and configuring a universal forwarder on a remote Linux machine, why am I unable to login and connect to the remote instance?

dougcabell
Explorer

On the remote end I see this after installing/configuring Universal Forwarder:

./splunk list forward-server
Splunk username: admin
Password: 
Active forwards:
    10.40.10.69:9997
Configured but inactive forwards:
    None

If I run setup.sh on the Splunk Server I see an option 5 per below:

    Please choose from one of the following options:

1 - show *nix input status
2 - manage *nix inputs
3 - install/upgrade app
4 - change credentials
5 - connect to remote instance

0 - logout and exit program

I select option 5 and try http://nvp02:8089 and I try 10.30.11.25:8089 and neither will let me login
If I try https://nvp02:8089 and I try https://10.30.11.25:8089 I still cannot login
NO LOGINS WORK
If I run setup.sh on the remote server when it asks for the initial login before the menu, I can login with the default spunk uname/pwd
Yes, I can ssh and sftp from the server to the remote linux host.

Why does this not work for me?

Help please

Thank You

0 Karma
1 Solution

dougcabell
Explorer

My own answer, I fixed it
Needed to modify server.conf on the Universal forwarder to include
[general]
allowRemoteLogin =requireSetPassword
and need to change the password from the default
./splunk edit user admin -password "new admin password" -role admin -auth admin:change me

Definitely a documentation issue for sure. Lack thereof.

View solution in original post

dougcabell
Explorer

My own answer, I fixed it
Needed to modify server.conf on the Universal forwarder to include
[general]
allowRemoteLogin =requireSetPassword
and need to change the password from the default
./splunk edit user admin -password "new admin password" -role admin -auth admin:change me

Definitely a documentation issue for sure. Lack thereof.

ppablo
Community Manager
Community Manager
0 Karma
Get Updates on the Splunk Community!

Register to Attend BSides SPL 2022 - It's all Happening October 18!

Join like-minded individuals for technical sessions on everything Splunk!  This is a community-led and run ...

What's New in Splunk Cloud Platform 9.0.2208?!

Howdy!  We are happy to share the newest updates in Splunk Cloud Platform 9.0.2208! Analysts can benefit ...

Admin Console: A Single, Unified Interface for All Your Cloud Admin Needs

WATCH NOWJoin us to learn how the admin console can save you time and give you more control over the Splunk® ...