Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

indexer discovery - Why is Heavy forwarder clear text password not being encrypted?

kumaranv
Path Finder
‎01-09-2023 05:16 AM

In indexer discovery method, Heavy forwarder clear text password not being encrypted after restart. Please help

Labels (1)
Labels
Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

kumaranv
Path Finder
‎01-09-2023 07:25 AM

In HF, it should be 

master_uri = https://192.168.1.180:8089

instead of manager_uri. I followed the https://docs.splunk.com/Documentation/Splunk/9.0.3/Indexer/indexerdiscovery

kumaranv_0-1673277885909.png

It works now. Thanks

View solution in original post

Tags (1)
0 Karma
Reply
Solved! Jump to solution

scelikok
SplunkTrust
SplunkTrust
‎01-09-2023 05:57 AM

Hi @kumaranv,

Could you please show us your Heavy Forwarder outputs.conf setting (pass4SymmKey masked) ? Maybe there is something wrong with the settings.

 

If this reply helps you an upvote and "Accept as Solution" is appreciated.
0 Karma
Reply
Solved! Jump to solution

kumaranv
Path Finder
‎01-09-2023 06:56 AM

It is in home practice

in $Splunk/etc/system/local/outputs.conf

[indexer_discovery:idxpeers]
pass4SymmKey = admin1234
manager_uri = https://192.168.1.180:8089

[tcpout:idxdis]
indexerDiscovery = idxpeers

[tcpout]
defaultGroup = idxdis
indexAndForward = 0

0 Karma
Reply
Solved! Jump to solution

kumaranv
Path Finder
‎01-09-2023 07:01 AM

in Master Node:
in .../etc/system/local/server.conf

[indexer_discovery]
pass4SymmKey = $7$1k1xTHTMxuk2ekDYjDOt9oIONOK3MHxxxxxxxxxxxxxxxx=

pass4SymmKey was set to admin1234 and after restart i t got encripted

I hope it should happen to HF pass4SymmKey also

Thanks

 

0 Karma
Reply
Solved! Jump to solution
Solution

kumaranv
Path Finder
‎01-09-2023 07:25 AM

In HF, it should be 

master_uri = https://192.168.1.180:8089

instead of manager_uri. I followed the https://docs.splunk.com/Documentation/Splunk/9.0.3/Indexer/indexerdiscovery

kumaranv_0-1673277885909.png

It works now. Thanks

Tags (1)
0 Karma
Reply
Solved! Jump to solution

kumaranv
Path Finder
‎01-09-2023 07:45 AM

I used the command 
./splunk btool check

to identify error in stanzas in conf

 

 

 

0 Karma
Reply
Solved! Jump to solution

gcusello
SplunkTrust
SplunkTrust
‎01-09-2023 05:23 AM

Hi @kumaranv,

restart by console viewing eventual error messages, check again and if it's still present open immediately a case P1 to Splunk Support.

Ciao.

Giuseppe

0 Karma
Reply
Get Updates on the Splunk Community!

Introducing the Splunk Community Dashboard Challenge!

Welcome to Splunk Community Dashboard Challenge! This is your chance to showcase your skills in creating ...

Wondering How to Build Resiliency in the Cloud?

IT leaders are choosing Splunk Cloud as an ideal cloud transformation platform to drive business resilience,  ...

Updated Data Management and AWS GDI Inventory in Splunk Observability

We’re making some changes to Data Management and Infrastructure Inventory for AWS. The Data Management page, ...