Hello the Splunk community
I'm trying to use the token authentication between an indexer and a universal forwarder. All seems to be good on my indexer, but the UF doesn't seem to understand the configuration.
This is my configuration in /local/outputs.conf:
[tcpout]
defaultGroup = index
[tcpout:index]
server= aaa.bbb.ccc.ddd:ppp
token = 8-4-4-4-12
When I restart the Splunk daemon, the token stays in clear in the configuration file and on the indexer, I have this log: *"token not sent by forwarder!"*
If I specify that without the token, the UF works very well.
Does somebody know where I'm wrong?
Bonus question: Does anyone know how the token is created (urand, ...)?
thank you a lot!
↧