How do I reset splunk admin password? I guess I need access to the file system that Splunk is running on in order to modify the password file. It does not use database so do I need to change a file/ variable?
If you forgot your admin password you will need access to the file system that Splunk is running on in order to modify the password file. To reset the admin password:
Move the $SPLUNK_HOME/etc/passwd file to $SPLUNK_HOME/etc/passwd.bak
Restart Splunk. After the restart you should be able to login using the default login (admin/changeme).
If you created other user accounts, copy those entries from the backup file into the new passwd file and restart splunk.