splunk admin password

shantanuo picture shantanuo · Aug 17, 2011 · Viewed 21.1k times · Source

How do I reset splunk admin password? I guess I need access to the file system that Splunk is running on in order to modify the password file. It does not use database so do I need to change a file/ variable?

Answer

shantanuo picture shantanuo · Aug 17, 2011

If you forgot your admin password you will need access to the file system that Splunk is running on in order to modify the password file. To reset the admin password:

  • Move the $SPLUNK_HOME/etc/passwd file to $SPLUNK_HOME/etc/passwd.bak

  • Restart Splunk. After the restart you should be able to login using the default login (admin/changeme).

If you created other user accounts, copy those entries from the backup file into the new passwd file and restart splunk.