So good practice, at installation generate a random complex password for the admin account, and deactivate REST via the deployment of a base config app. If you do not, then the universal forwarder can start with no defined users, which means that you cannot log in or make changes to the initial forwarder configuration. Whenever you would such thing, you still can re-activate it, and again in most of the cases you don't need it because you would use for bad reasons most likely.ĭeactivating via nf Install the universal forwarder silently, agree to the license, and set the forwarder admin credentials to 'SplunkAdmin/Chng3d' Always create a password for the Splunk admin user. That being said, in real life in 99% of the cases you never never need to use a CLI or REST access on the UF, as a good practice we generally globally deactivate splunkd REST API on all standard UFs (not HFs !) via the deployment of a simple base config app, which is what I do and recommend to customers. On a UF specially, for trouble shooting you may run some commands like listing the file monitors, investigating the tailing processor, etcĮxample: splunk _internal call /admin/inputstatus/TailingProcessor:FileStatus Inside the scripted input, you run the command: SPLUNKHOMEbinsplunk.exe edit user admin -password. Does this apply to Splunk universal forwarders I am using the Splunk Enterprise version, and when I got to log into the web portion, I do change the default admin password. A quick way is to setup a windows scripted input. There are different contexts where CLI or REST access can be used or useful on a Splunk UF, you may want to refer to: Based on the documentation provided by Splunk, it seems this is to set up the initial password.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |