IT & IoT Security | Cloud | It's all about the life itself

Nothing in life is as important as you think it is, while you are thinking about it.

Splunk Universal Forwarder No users exist. Please set up a user.

Greetings,

I was trying to add the universal forwarder the deployment server IP and got the error below.

C:\Program Files\SplunkUniversalForwarder\bin>splunk.exe set deploy-poll 10.0.0.4:8089
Splunk username: admin
Password: changeme
No users exist. Please set up a user.

To overcome it I followed the steps below.

Navigate to C:\Program Files\SplunkUniversalForwarder\etc\system\local

Edit(or create if not exist) user-seed.conf

[user_info]
USERNAME = admin_user_name
PASSWORD = <your password>

Restart splunk forwarder windows service. the file you just create would vanish, no worries. You can test your newly defined user/pass.

https://docs.splunk.com/Documentation/Splunk/8.0.2/Security/Secureyouradminaccount