Getting Data In

Prompt for Splunk user when configuring Universal Forwarder

Mike_McMurray
Engager

I've just upgraded to Splunk 4.2 and have installed and started the UF on a Linux box. But when I try to run,

./splunk add forward-server <myip>:9997

I get prompted for a Splunk username and password. I've tried my Splunk indexer username (trial version at the moment) and local user credentials, but am obviously missing the point. Do I need to create a Splunk user (./splunk add user ...) on this machine first? If so, does this need to match a local user that the daemon will use?

I have installed the Win32 UF to send to my indexer and that's working fine.

Seems like this should be obvious (and I'm feeling dumb) but I can't find anything in the Docs. Thanks.

1 Solution

Stephen_Sorkin
Splunk Employee
Splunk Employee

By default, the user there is admin/changeme, unless you've changed it.

View solution in original post

Stephen_Sorkin
Splunk Employee
Splunk Employee

By default, the user there is admin/changeme, unless you've changed it.

araitz
Splunk Employee
Splunk Employee

Change the password while you are at it:

./splunk edit user admin -password coolNewP455w3rdddd

Mike_McMurray
Engager

Ahh crap. My line of thinking was that this was prompting for credentials of the remote indexer and NOT the local splunk UF.
So, yes, the UF config is asking for the credentials of the local splunk install, which was the default.
Thanks

Get Updates on the Splunk Community!

Splunk Training for All: Meet Aspiring Cybersecurity Analyst, Marc Alicea

Splunk Education believes in the value of training and certification in today’s rapidly-changing data-driven ...

The Splunk Success Framework: Your Guide to Successful Splunk Implementations

Splunk Lantern is a customer success center that provides advice from Splunk experts on valuable data ...

Investigate Security and Threat Detection with VirusTotal and Splunk Integration

As security threats and their complexities surge, security analysts deal with increased challenges and ...