Hello the Splunk community
I'm trying to use the token authentication between an indexer and an UF. All seems to be good on my indexer.
But the UF don't want to understand the configuration.
This is my configuration in /local/outputs.conf :
[tcpout]
defaultGroup = index
[tcpout:index]
server= aaa.bbb.ccc.ddd:ppp
token = 8-4-4-4-12
When I restart the splunk daemon, the token stays in clear in the configuration file and on the indexer, I have this log: *"token not sent by forwarder!"*
I specify that whitout the token, the UF works very well.
Somebody knows where I'm wrong?
Bonus question: Somebody knows how the token is created (urand, ...)?
thank you a lot!
↧