Installation

Splunk Universal Forwarder 7.3.4 (build 13e97039fb65)

rballan2
Loves-to-Learn Lots

I have installed SUF 7.3.4 on UNIX(Solaris 10) Server and when I run splunk list guid or splunk list monitor I am getting "Splunk username".

I have a user "splunkma" configured that I use to stop / start splunkd process.

Please advice. Thanks.

RB

 

Labels (1)
0 Karma

richgalloway
SplunkTrust
SplunkTrust

When a Splunk CLI command prompts for a username, it is expecting the name of a Splunk admin account.  The Unix account that runs Splunk will not work.  It must be the admin account you created when you installed the forwarder.

---
If this reply helps you, Karma would be appreciated.
0 Karma

rballan2
Loves-to-Learn Lots

Ok. Thanks for the follow-up/information.

I have created the file user-seed.conf file in $SPLUNK_HOME/etc/system/local as 

pre installation instruction.

The user-seed.conf file is only used the first time the Splunk UF starts, and is automatically deleted.

(from what I read in the installation instruction)

In my case every time I run for example splunk list monitor or splunk list guid I still see:

Your session is invalid. Please login.

Splunk username:

If I  type admin as login and the admin passwd I am getting the GUID info however in other servers/in other installation that I did in the past I did not have this issue.

I am trying to see why in this specific case I ha/opt/splunkforwarder/etcve this problem.

I tried to remove the file:  /opt/splunkforwarder/etc/passwd and I restarted splunkd process

but still is  asking me the same "credential message".

Please any suggestion will be great. Thanks.

 

Tags (1)
0 Karma

richgalloway
SplunkTrust
SplunkTrust

I'm not understanding the problem.  What's wrong with needing to sign in to the forwarder before a command will work?  Credentials usually are cached so you don't have to re-enter them with every command, but the cache is cleared when the UF restarts.

Deleting the etc/passwd file removes all credentials so you no longer will be able to authenticate.  Unlike older versions of Splunk, there are no default credentials created when the passwd file is removed.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...